SANS: People, Greatest Asset and Biggest Vulnerability

In an increasingly technological world it is easy to forget that social engineering attacks will always be bigger and more damaging than the latest 0-days. The best hacks are the ones that have significant "people" components. That's why it is surprising that both Microsoft and SecurityFocus seem taken aback by a relatively unknown piece of spyware being so successfully deployed using social engineering.

It is well known that most intrusions are insider (aka people) attacks. In the days before Outlook flaws, e-mail viruses had to trick users into running attachments. There will always be an occasional vulnerability that will have the security people scrambling, but there will always be users who run things they shouldn't be running.

The idea that the unsophisticated consumer will be able to protect their information is not valid in light of the number of accounts that are compromised. Phishing is a great example. There would be little to no phishing if people couldn't be tricked into ponying up their information.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Wednesday, 5th April 2006 3:52AM