The issue of cybersecurity touched off a hot discussion here, so I thought I'd share a few more things I learned from talking with Hewlett-Packard Co. (NYSE: HPQ)'s Rebecca Lawson earlier in the week. (See: Is Social Networking Increasing Cyberthreats? and HP Targets Cyberthreats.) One of the more interesting takeaways: Security breaches via social networking are not a technology problem but a people problem.
I know this isn't a new concept, but bear with me. HP's midyear security report noted a contradiction: New vulnerabilities in security are not being discovered (or reported) as frequently as they were in the past, but attacks continue to increase. This indicates hackers are getting better at capitalizing on existing breaches and don't really need to create new ones in order to exploit systems.
The most frequent types of problems coming in through these gaps are associated with a well-meaning user clicking on the wrong link. All of these URLs look legit and may actually be a mirror image of an approved site. Most users won't even know anything is wrong. I won't go into the technical aspects -- cross-site scripting (XSS) vs. SQL injection (SQLi). The data is scary enough. HP reports that both types of attack use existing security gaps to exploit data. SQLi accounts for 68 percent of total Web application attacks discovered in the first half of the year; XSS accounts for 21 percent.
Any Facebook user knows it's virtually impossible to resist opening a message or a link or a Friend request. In terms of lost business productivity, social networking has become the new online shopping. My personal social networking guru (and EBN contributor) Andy Lawson points out that social networking is no worse than any other means by which a hacker gains access to a corporate network. The key is educating users on the dangers of seemingly friendly links.
Social media is merely another venue for massive amounts of data that can be abused. So do you ban it? HP's Lawson says the technology to tackle just about any known threat exists. One of the key strategies around enterprise security, she says, is discovering the gaps between existing silos of IT. Another is embedding the awareness of these gaps throughout the enterprise.
"A lot of [the problems] around social networking are people and culture issues," she says. "The first step is to have the right levels of awareness within the enterprise and build it into your people and culture."
I'm trying to think of a catchy slogan around the idea. Is "think before you click" already taken?
"As a consumer, I hate that. As a business, I realize the value of that data. It's a tough one."
Barbara,
I always find it interesting how our perception changes depending on our position as a consumer or as a business. Sometimes I wonder why we can't find an equilibrium in this matter.
To the point about the Internet being used other than as intended -- absolutely. That's another topic discussed this week. All of the data that can be mined once a user clicks or logs on to a link is intended for a purpose is widely abused. As a consumer, I hate that. As a business, I realize the value of that data. It's a tough one.
Barbara, you are right. Cyber security is a people problem. It merely depends upon how we are using the data and whether we need to look for someone else's data. If we respect others' privacy and personality, there should not be any data threat and no need for cyber security. The over-enthusiasm to look into others' personal matters is the major concern, and it's purely an attitude issue.
Cyber security being a people problem is definitely true. No matter what software is in place, if the user clicks on the wrong things, it's their fault, not the software's. Ultimately, if companies are going to allow individuals to access these sites at work, they are going to have to educate them about these areas and possibly have punishments in place if they violate them. Sometimes having the negative impacts is the only way to get through to some people.
In my opinion, many of the things that evolved on the internet were originally not intended for serious business. They were intended for fun and entertainment. The social networking sites have evolved like that.
Nowadays everything online is being used for some commercial purpose. The faceless organizations sell products and services to faceless customers. And when money is involved, how can the crime be left behind?
We need a new internet which is strictly designed ground up with security as its prime concern and not openness as it is now.
That's why education is the key. I feel like you must sit through a day-long seminar about the pitfalls of the net prior to ever signing on. But then again, we get Internet on our phones now, so who's going to foot that bill?
"A lot of [the problems] around social networking are people and culture issues" -- well expressed. It must be mentioned that the Internet hides a lot of traps and it is not a game, it's a living world. Every action we take is recorded, and every click we make may cause us problems. We must act on the net with the same way of thinking we use in daily life. I think "It is NOT just a click" may work...