People Remain the Number One Threat to Security

Sunday, November 21, 2010



People remain the number one cause of security lapses, whether it be by human error, disregarding policy, or outright malicious intent. 

All the security, training, planning and education in the world can not seem to defend against the human element, and this fact presents the single largest obstacle to security for individuals, enterprise, and government.

Here are just a few examples from this week alone:

California Fines 7 More Entities for Unauthorized Access to Patient Info by Employees

"The California Department of Public Health (CDPH) announced that six California hospitals and one nursing home have been assessed administrative penalties and fines totaling $792,500 after a determination that the facilities failed to prevent unauthorized access to confidential patient medical information. Medical privacy is a fundamental right and a critical component of quality medical care in California, said Dr. Mark Horton, director of CDPH. We are very concerned with violations of patient confidentiality and their potential harm to the residents of California...."

Cop Accused of Misusing Database

"A Strathclyde Police officer accused of lying to help protect his lover carried out a check on his partner using an official database, a court has heard. Det Supt Shona Bassano told Glasgow Sheriff Court that Pc Steven Smith searched for his boyfriend David Brydon on the Scottish Intelligence Database. Pc Smith is alleged to have lied to another officer who was trying to trace Mr Brydon in connection with a robbery...."

Hacker Indicted for Breaching Federal Reserve Bank

"A hacker has been charged with accessing systems at the Federal Reserve Bank in Cleveland and stealing at least 400,000 credit and debit card numbers. This breach is particularly troubling, as transactions from every bank in the country are processed through branches of the Federal Reserve.."

3 Plead guilty to Building CAPTCHA Braking Network

"Three California men have pleaded guilty charges they built a network of CAPTCHA-solving computers that flooded online ticket vendors and snatched up the very best seats for Bruce Springsteen concerts, Broadway productions and even TV tapings of Dancing with the Stars. The men ran a company called Wiseguy Tickets, and for years they had an inside track on some of the best seats in the house at many events. They scored about 1...."

Denial of Service Attacks Remain Popular Tactic

"Denial of Service (DoS) has often been used to as a tool send a message to the subjects of the attacks, and recent events indicate the use of the tactic to strategically promote the agendas of one group over those of another is on the upswing..."

Chinese Pursue State Sponsored Cyber Espionage

"Reports have asserted that the Chinese government is actively using Chinese telecom companies to conduct cyber espionage against the United States, and questions have been raised about partnerships with Chinese telecom companies and corporations tied to Governor-elect Rick Snyder of Michigan..."

U.S. Man Online Talking People Into Killing Themselves

"A Minnesota man who scoured online suicide chat rooms and attempted to talk members into killing themselves has pleaded not guilty to felony charges stemming from two deaths, including that of a Canadian first-year university student. William Melchert-Dinkel, a 48-year-old married father of two, entered the plea Friday afternoon in a Faribault, Minn., courtroom. His jury trial is expected to begin in late February or early March...."

Attacks Against Critical Infrastructure On the Rise

"More than three-quarters of respondents indicated the frequency of attacks was increasing. Companies reported an average of ten attacks over the past five years, and nearly half of those surveyed expect to be subject to another attack in the next twelve months..."

Possibly Related Articles:
Security Awareness
Data Loss Headlines Hacker Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.