Dave Kearns posted on March 18 that he's been fascinated by the information that keeps coming out of the Target Stores data breach. He's got a great analysis, and he ends with words that come straight from our heart:
"It should also be noted that the initial introduction of the malware to Target is being attributed to the use of credentials from a Target partner or vendor most likely obtained via a spear-phishing expedition.
It's necessary to have the right security technology in place, there's no question about that. But, there really is no substitute for education – teaching your people how to recognize potentially hazardous communications or situations and how to handle them.
It's going to take more than a memo and some "be aware" posters, though. What I'm talking about is a real education campaign with actual teaching, perhaps some mentoring and periodic testing. The occasional "pop quiz" via a phishing-style email should be part of your proactive anti-malware campaign. Those that fail the quiz should be required to take refresher courses.
Technology can help, but only well trained, fully-informed and security aware employees can keep your organization safe." (link is ours)
Dave Kearns is a senior analyst for Kuppinger-Cole, Europe's leading analyst company for identity-focused information security and networking. His columns and books have provided a thorough grounding in the basic philosophies of directory technology, networking, and identity management to a generation of technologists.