There was a time when some companies could afford to take a “wait and see” approach to everything from product development to marketing to security. Times change, however, and it’s clear that a knee-jerk reaction to security vulnerabilities, particularly when it comes to information, isn’t going to cut it anymore.
Identifying deficiencies in your security process means staying involved and staying informed. Ignoring emerging information security threats while hoping that your organization is being ignored by criminals is both an unrealistic and an ineffective way to thwart attacks. That’s the considered opinion of security software heavyweight Symantec’s 2012 Internet Security Report, which also addressed changes in the modus operandi adopted by many of today’s social engineers.
Rather than look for weaknesses in a device or a computer network, many of today’s tech-savvy opportunists are turning to exploiting vulnerabilities in a company’s employees. In a BankInfoSecurity article, “Social Engineering: Mitigating Risks,” Liam O’Murchu, manager of operations at Symantec Security Response, said that lax security procedures, a failure to address known security gaps, and not staying current with fraud trends can leave organizations open to attacks by today’s social engineers.
Since there’s no plug-and-play device, app, or firmware that controls human behavior, having policies in place that address the acceptable uses of a company’s information channels, from its email to its telephones, is among the best ways of countering many information security attacks. When was the last time you looked at your company’s acceptable use policies?
It’s sometimes said that a chain is only as strong as its weakest link. When it comes to the chain that protects your organization’s information security, isn’t it a good idea to find out where that link is?