Humans are the weakest link, and that link needs to be healed. New laws
aimed at improving IT data security are being written by the bushel, loaded
with penalties for non-compliance and security breaches, but unless we start
by strengthening the weakest link, things are not going to get any
better.

Gartner, the largest computer industry analyst, was right when they said:
"Many of the most damaging security penetrations are, and will continue
to be, due to Social Engineering, not electronic hacking or cracking.
Social Engineering is the single greatest security risk in the decade
ahead." -- Gartner, 2010

The technical director of Symantec Security Response said that bad guys
are generally not trying to exploit technical vulnerabilities in Windows.
They are going after employees instead. "You don’t need as many technical
skills to find one person who might be willing, in a moment of weakness,
to open up an attachment that contains malicious content." Only about
3% of the malware they run into tries to exploit a technical flaw. The
other 97% is trying to trick a user through some type of social engineering
scheme.

This means it does not matter if the workstation is a PC or a Mac. The
final line of defense is… you guessed it: your users.