Welcome To The Jungle

     Firewall and system probing, Network File Systems application attacks, email attacks, vendor default password attacks, spoofing, sniffing, fragmentation and splicing attacks.  Where will it all end?  Since this is clearly our biggest security concern why can’t we fix it?  Why aren’t we throwing all our money, manpower and technical abilities at this problem?  Computer crimes cost us $32 million in 2006.  Boy, I’ll tell you what - somebody better do something quick.  Unless the computer isn’t our biggest security concern…

     But if (as I imply) the computer isn’t the biggest threat to the security of our organization or mission, then what is?  Here’s a clue - look above.  Didn’t you read all that stuff in the first paragraph?  Of course the computer is the biggest threat to the security of your organization/mission.  Or is it…

     Well, duh.  The computer and its evil spawn, the INTERNET, are just teeming with demon hackers who are trying to either crash or rape your system every minute of every day.  It’s all over the news!  Technology is killing security.  Punks who were born with Playskool See-n-Hack starter laptop kits are wreaking havoc all over the technosphere.  What’s an OPSEC Program Manager to do?  Hell, you’re not the IT Security dude.  You know nothing of firewalls, routers and DMZs.  Face it partner - you’re screwed.  Unless…I mean, unless the computer is not the biggest threat to the security of your organization/mission…

    And here we are again.  What is, and will remain, the biggest threat to security in your organization is the person in the next cubicle, or the next stall, or the next chair, or sitting across from you at lunch asking you to pass the pink or yellow stuff that really isn’t sugar but will kill you just as fast.  Humans…whattaya gonna do?

     I can’t count the number of times I’ve been allowed into “secure” facilities by people who should have known better.  And you would be surprised how many buildings you can waltz right through when you’re wearing a UPS uniform and carrying a couple of boxes.  You can have the best physical security money can buy for your building but if smokers leave the back door propped open for convenience…establish a great password policy but if your people write their passwords down…carefully screen all information you put on your web page but if Marketing feels the need to publicize…

     The old saying is that we spend 80% of our security money protecting ourselves from outside threats while, in truth, 80% of our threat comes from within our own organization.  The next time you head over to the fridge to see if anyone has left a Klondike bar without a name on it, take a look around - you are surrounded by people who will unmaliciously give away sensitive information at the drop of a hat.  They don’t mean to, by the way.  They just haven’t been properly educated about how NOT to inadvertently give away sensitive and critical information.  That’s your job - now get to it!

Keep the Faith!

Revelator

One Response to “Welcome To The Jungle”

  1. Chris says:

    Good call here. I spend all day looking at firewall logs and configuring security systems, it’s really easy to get tunnel vision and lose sight of the “hidden threats”!
