Hacks make Internet look lawless, but security just hasn't caught up to spear-phishers yet

IT security needs to catch up to spear-phishing/malware/server-attack combinations


We can use or urge our IT shops to use spam- and phishing-resistant systems from companies like Cyveillance, BlueCoat, IronPort or Imperva.

We can set policies on how and when not to give out security information without visual or voice confirmation of who we're dealing with, even when the request satisfies all the typical requirements.

We can even do outré things like getting the half of all IT security people who don't know where the files they're supposed to protect are stored to figure that out, so they know what to protect.

And – I'm talking to you, Sony – we can plug that stupid SQL injection flaw that has been a swinging door into every network you've ever owned.

Yes, there are a lot of comparatively new, highly effective exploits out there combining social engineering, spear-phishing, malware and traditional attacks. Yes, there are a lot more people, groups and countries hacking at each other online. Yes, the Internet is still a dangerous place.

But neither it nor the cloud is more insecure than it was a month ago.

And not fixing obvious security flaws, or even telling all the security managers in the company about the one that hit the most recent of your sites (this is for Sony, again), is nothing but stupid.
