Hacks make Internet look lawless, but security just hasn't caught up to spear-phishers yet

IT security needs to catch up to spear-phishing/malware/server-attack combinations


We can use or urge our IT shops to use spam- and phishing-resistant systems from companies like Cyveillance, BlueCoat, IronPort or Imperva.

We can set policies on how and when not to give out security information without visual or voice confirmation of who we're dealing with, even when the request satisfies all the typical requirements.

We can even do outré things like getting the half of all IT security people who don't know where the files they're supposed to protect are stored to figure that out so they know what to protect.

And – I'm talking to you, Sony – we can plug that stupid SQL injection flaw that has been a swinging door into every network you've ever owned.

Yes, there are a lot of comparatively new, highly effective exploits out there combining social engineering, spear-phishing, malware and traditional attacks. Yes, there are a lot more people, groups and countries hacking at each other online. Yes, the Internet is still a dangerous place.

But neither it nor the cloud is more insecure than it was a month ago.

And not fixing obvious security flaws, or even telling all the security managers in the company about the one that hit the most recent of your sites (this is for Sony, again), is nothing but stupid.
