Senior executives' tendency to bend security rules for convenience makes it easy for cybercriminals to carry out social engineering attacks, security expert warns.
COMMUNICASIA, SINGAPORE--High-level executives are one of the biggest social engineering risks for organizations, according to a security expert.
Senior executives often demand that exceptions to security rules and policies be made for their convenience at the expense of security, Jayson Street, CIO and managing partner of Strategem 1 Solutions, said Thursday at the network security conference track. This practice makes it easy for cybercriminals to gain access to corporate networks by impersonating management personnel.
Top executives are also ideal targets given their systems privilege and access rights, he pointed out. "[Hackers are] not going after the bank teller, [they are] going after the bank president, because the tellers have USB drive rights deactivated, they have controls on where they can go on Web sites."
Street recounted how he was able to access the server room of a hotel simply by gathering information about the owner through social networks such as LinkedIn and Twitter, then sending an e-mail to the access control personnel masquerading as the CEO of the tech support organization. When the staff member was later asked why he had allowed Street access, he said: "Because [the boss] sends e-mail messages like these all the time! He asked, and he's the owner--you have to let him do what he wants."
Street likened this approach to "kill with a borrowed knife", one of the 36 Stratagems, a Chinese essay on deceptive tactics. In this case, the phrase refers to the use of an employee as an attack vector.
Social engineering has been around for centuries and happened much earlier than the Kevin Mitnick days, Street noted, referring to the high-profile hacker whose specialty is social engineering.
In fact, the most impressive social engineering incident ever was the Trojan Horse that led to the downfall of Troy, he said. Sinon, a Greek man who had been disfigured and appeared to be abandoned by the Greeks, gained the Trojans' trust and convinced them that the horse statue was safe to be brought into their city.
Social engineering remains effective today in breaking down defenses as humans are "less guarded and cannot be patched", he added.
There are, however, steps that organizations can take to mitigate the threat, said Street. Information security personnel need to make senior executives understand that it is their job to protect upper management from becoming easy targets, and to avoid overriding security policies that they might regret later.
At all other levels, employees should be empowered to question and report suspicious activity, and should be recognized or appreciated when they actually do so, he added. In addition, the best "patch" for users is to help them become more aware of the dangers of social engineering and to learn from past mistakes.
"Doing social engineering engagements and testing on your employees brings up that kind of awareness," said Street. "That's a great way to patch [the security loophole]."
Social media apps like Facebook and Twitter can be a boon to business when used in the right context. To counter the network risks that come with the benefits your company has to have a clear policy on social media use (which covers everyone from rank-and-file to the big wigs). You should also check out: http://bit.ly/d2NZRp and http://bit.ly/cR80Al
Share it with your IT department and let me know what you think... kelly@briefworld.com