Who Is The Least Secure Employee In Your Web Company?
Dark Reading has a thought-provoking post up about the popular buzzphrase “insider threat” and, more to the point, how it really doesn’t make sense as a term. The post advocates for a more fine-grained approach:
- rogue employees – This is the darkest prospect; entrepreneurs fear it the most, yet it actually happens the least.
- security loss through incompetence – now we’re talking!
- just plain leaks – through, for instance, trusting a third party whose incompetence then exposes you to risk.
- outside attacker penetrating inside – really, every outside threat aims to become an inside threat.
Experience has proved time and again that under-trained or careless employees are the greatest threat vector. For every “Hollywood hacker” trying to get into your site, there are a hundred receptionists setting their password to “1234”, a hundred associates using a malware-infected Windows PC to send mail, a hundred security guards who aren’t watching what they should, and a hundred coders who left a gaping exposure to XSS in your web page. It’s ridiculous to treat malicious attackers and mistakes the same way.