Sometimes life is too serious and I thought I’d throw some humour in here for once – well, I thought it funny! It’s very rare that I laugh hard enough while reading something on screen and taking a drink of water that it necessitates cleaning the monitor and desk, but a story from Bloomberg did just that.
The story, which won’t come as any surprise to anyone, states that the US Department of Homeland Security earlier this year ran a test to see how hard it was for hackers to gain access to computer systems. And the answer was … well, we won’t even go there.
Humans are the weakest link
DHS staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 per cent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 per cent were installed.
According to Bloomberg, “The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers. The intruders’ ability to exploit people’s vulnerabilities has tilted the odds in their favor and led to a spurt in cyber crimes.” As my dear old cockney grandad would say, “that’s stating the bleedin’ obvious.”
The article quotes a Mark Rasch from Computer Sciences Corp. who rolled off one of the most spot-on quotes I have seen for a long time – “There’s no device known to mankind that will prevent people from being idiots.” That is almost pure Kurt Vonnegut!
Security incidents – 100s go unreported
Hundreds of incidents likely go unreported, said Rasch, who previously headed the Justice Department’s computer crime unit. Corporate firewalls costing millions to erect often succeed in blocking viruses and other forms of malware that infect computers and steal data such as credit card information and passwords. Human error can quickly negate those defenses.
“Rule No. 1 is, don’t open suspicious links,” Rasch said. “Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2.” It’s just like reading Arthur C Clarke’s Robot Laws!
There is a less funny side to the article, which provides some real-life examples of security breaches, including examples of pure idiocy, where one employee at RSA – yes, the security company that provides network-access tokens using random secondary passwords – went into a spam trap to retrieve a spreadsheet that had been sidelined.
In doing so, an embedded Adobe (ADBE) Flash file exploited a bug, then unknown to Adobe, that allowed hackers to commandeer the employee’s PC. RSA said information related to its two-factor SecurID authentication process was taken.
$100m compensation costs
And the cost of that little escapade – banks may be forced to pay $50 million to $100 million to distribute new RSA SecurID devices, according to Avivah Litan, at Gartner Inc. The full Department of Homeland Security report will be released late this year – providing someone doesn’t hack the system and leak it earlier of course! So it goes.