The issue of cybersecurity touched off a hot discussion here, so I thought I'd share a few more things I learned from talking with Hewlett-Packard Co. (NYSE: HPQ)'s Rebecca Lawson earlier in the week. (See: Is Social Networking Increasing Cyberthreats? and HP Targets Cyberthreats.) One of the more interesting takeaways: Security breaches via social networking are not a technology problem but a people problem.
I know this isn't a new concept, but bear with me. HP's midyear security report noted a contradiction: New vulnerabilities in security are not being discovered (or reported) as frequently as they were in the past, but attacks continue to increase. This indicates hackers are getting better at capitalizing on existing breaches and don't really need to create new ones in order to exploit systems.
The most frequent types of problems coming in through these gaps are associated with a well-meaning user clicking on the wrong link. All of these URLs look legit and may actually be a mirror image of an approved site. Most users won't even know anything is wrong. I won't go into the technical aspects -- cross-site scripting (XSS) vs. SQL injection (SQLi). The data is scary enough. HP reports both types of attack use existing security gaps to exploit data. SQLi accounts for 68 percent of total Web application attacks discovered in the first half of the year; XSS accounts for 21 percent.
Any Facebook user knows it's virtually impossible to resist opening a message or a link or a Friend request. In terms of lost business productivity, social networking has become the new online shopping. My personal social networking guru (and EBN contributor) Andy Lawson points out that social networking is no worse than any other means by which a hacker gains access to a corporate network. The key is educating users on the dangers of seemingly friendly links.
Social media is merely another venue for massive amounts of data that can be abused. So do you ban it? HP's Lawson says the technology to tackle just about any known threat exists. One of the key strategies around enterprise security, she says, is discovering the gaps between existing silos of IT. Another is embedding the awareness of these gaps throughout the enterprise.
"A lot of [the problems] around social networking are people and culture issues," she says. "The first step is to have the right levels of awareness within the enterprise and build it into your people and culture."
I'm trying to think of a catchy slogan around the idea. Is "think before you click" already taken?
I agree with you regarding education and I would also encourage companies and organizations to improve their IT security policies and procedures for the protection of their confidential files and data.
That is a layer of protection but not the BEST way to protect ourselves. There are still pretty smart individuals with very sophisticated software that fall prey to simple phishing scams. So, once again, education and awareness ALONG WITH technology is the best approach (with more emphasis on the education part).
Just my thoughts about the topic "Cybersecurity" as a problem. In the current situation this is really hard to control. I guess the best way to protect ourselves from this crime is to install all encryption and security software.
Although that is true in most cases, what about the situations when you need a communication trail? Even though it's important, email is the best option. Remember, it can be summoned in court cases and counts as reliable evidence.
Barbara, you're on to something with a campaign. A creative PSA slogan could easily be developed along the lines: "Loose Clicks Sink Ships," or "Only You Can Prevent Cyber Fires," or "A network is a terrible thing to waste." Having just spent 3 days recovering from a hard drive crash, I can relate. Even with some of the best screening and security tools onboard, it's still an arms race where cyber-security is concerned.
I like Nemos' slogan. I could run with that for days.
Great article again, Barb. This is a huge issue and one that can only be battled if we all do our part. Education of our employees (and employers) is the best route, but security to protect us for the 'just in case' is mandatory. I know it seems hackers are always one step ahead...and they are...but only because we have to know the threat before we can battle it.
Best thing to do is to stay diligent online. Oh, and keep talking about it. The more we discuss and collaborate, the more knowledge we put on the table.