Educating users to successfully perform procedures proven to protect daily computing activity is the best defense against the threat of malicious attacks online. We spent a considerable amount of time this spring reviewing a lot of research material on the topic of whether or not cloud computing systems can be relied upon to protect customer information. Most of the research identified incorrect procedures and outright errors across a wide range of users, from non technical to administrators, as the real cause of lossed data, rather than structural flaws in cloud applications.
When we read Kim Zetter’s article, published on April 11, 2013 on the WIRED magazine web site, Gaming Company Certificates Stolen and Used to Attack Activists, Others, and a few of the linked articles, we found a substantial amount of corroboration of the same findings produced by our review of the cloud reliability research. The best defense against the threat of a successful malicious attack on an online web site or network is to:
- produce policies and procedures to prohibit users from posting company and personal confidential data to online data repositories
- and to plan on attackers successfully penetrating even the most formidable defenses
In April, 2013, the intensity and frequency of online attacks appears to be at the highest point since the inception of the public world wide web in 1994. One of our corporate email addresses was harvested from the well publicized, successful breach of the LinkedIn web site. This email address receives the most creative attempts to entice our staff to click on links, we have ever seen. We submitted several of these attempts to the security team at PayPal. We did receive a reply from the PayPal team, which validated our decision that the email was a fake and a dangerous attempt to get our staff to click.
But at some point someone will click. Security teams must work on this underlying assumption. The task then is to build the correct strategies to safeguard company information despite a compromise of a web site or a corporate network. Of course, the solution we have in mind is to lock down the information on computers removed from any type of network connection.
© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved