You Are Now the Weakest Link!

It has always been the case that when it comes to the security perimeter, it starts and ends with you, the end user. But a new report from RSA summarizing a security summit meeting held earlier this summer shows exactly how things are changing. The attack vector has shifted squarely to social engineering. “Anyone can be phished given the right context,” especially given that more attackers have more information about each of us. Thanks to Facebook, LinkedIn et al. they can use this information to identify the right targets within an organization and they can easily customize and personalize their pitch. It is a chilling document to read.

Some of the major highlights from the report:

Organizations should plan and act as though they have already been breached. Start planning now.

The key is to know what digital assets are important to protect, where they reside, who has access to them and how to lock them down in the event of a breach.

There is a rise in adversaries attacking third parties simply to beta test techniques to be used on actual targets. IT managers should be aware of these trial balloons and recognize them as potential threats to their own organizations.

We’re only as strong as the weakest link in our supply chain. This means that your trusted partners shouldn’t be trusted so much. Some attacks have moved further upstream in the supply chain to gain access. Consider paying for an independent security audit of your key partners. 

Response to security incidents is a whole-organization function, not just the province of IT security operations. You should consider holding security response drills, planning for automated remediation activities, and running periodic tests to ensure everything works.

Malware is custom-written, sometimes minutes before attacks are begun. I saw examples of this when I attended a seminar at Symantec this past summer where we designed our own malware and saw how easy it was to produce custom code. “Attackers are increasingly agile and can take advantage of vulnerabilities more quickly than signature-based approaches can remediate,” says the report.

The IT security industry needs better frameworks for communicating threat information. These should include standardized reports and more technical and more automated resources to make sharing threat data easier.

Like a Chicago voter, IT security workers need to be out detecting attacks early and often. This is a continuous process.

Think beyond theft of data. Poisoning, disruption or embarrassment are all valid end goals of many attacks, as we have especially seen this past year. 

Security by simplicity. As our IT infrastructure gets more complex, it becomes easier to penetrate. As Thoreau said, simplify. Decommission outdated systems. Choose the simplest solution whenever possible. Eliminate non-essential pathways. 

RSA plans on taking some of the knowledge it acquired through this research on a road show, and the link above will eventually have the schedule posted. Maybe Anne Robinson can start a new TV show looking at IT security next!
