A major leak in enterprise security is often caused by something that information security teams cannot physically control: the security of the users themselves. Infosec pros can patch systems, keep antivirus up to date, and surround the critical infrastructure with firewalls until they are blue in the face, but enterprises are still only as safe as the level of their users' security awareness.
As long as users have access to outside email, social networking sites and the like, organizations will continue to have security issues.
Until a couple of years ago, users at my organization had no fear of email. If a subject line looked remotely interesting, they would open it. If the email included a link or attachment in addition to a catchy subject line, they would follow it. It's hard to blame them, as some malicious emails look very convincing to the untrained eye. But for years, clicking without conscience caused my help desk a lot of grief.
I have tackled t...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.co.UK
