The Biggest Enemy Of Security Pros
David Utter, Staff Writer
2007-10-03
Chinese spies and Russian profiteers may be near the top of the list of what vexes security professionals the most, but user apathy has to be considered too.
Persistent ploys by criminals to infect machines through attachments or spam links to malware happen over and over again. People keep falling for these scams despite the pleadings of administrators who warn email users not to open every single attachment they receive out of curiosity.
McAfee researcher Dirk Kollberg lamented the insatiable need for people to try to find out if the email will really deliver what it's promising. Few people seem to get the concept of "no such thing as a free lunch," with Kollberg's experience serving as just one example:
"If the company sends the mails to my machine, they know what they are doing. Why shouldn't I click on those mails?" I heard that once from a corporate user - it scared me, because it was that user who was causing an internal outbreak.
While that user enjoyed the weekend, the IT guys tried to regain control of their network. About 15 employees of that company were working the whole weekend, plus external consultants.
Kollberg wondered if people are that apathetic about computer security. It's pretty easy to see the answer.
Computer users have proven over the past decade that enough of them simply do not care about online threats. All the advisories and education and suggestions just don't get through.
User education isn't the answer. There are always people who are going to buy into what the criminals are selling. Though many fine security software solutions for the end-user exist, the problem isn't the desktop. It's the edge of the network.
Until a real paradigm shift in computer security takes place, and everyone buys into the idea of thwarting attacks and spam at the gateway to a network, instead of on the network, we're going to see infections happen over and over again.
ISPs need to be part of the solution too. When a PC on a network pumps out hundreds of thousands of pieces of email, there's a pretty good chance a bot has caused this to happen. If an ISP can throttle a customer based on too much downloading, they should be able to address the garbage coming out through their networks.
User education? It doesn't look like it's worth the effort. The fight for security has to take place in the cloud before it can rain on computer users, not on the desktop.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.