The outer page of the Times of India Nov 6, 2010, in a sensational headline boldly proclaimed “Porn Surfing a cyber risk, babus told”. The article further went on to allege that several officials used official desktops to surf objectionable sites on the Internet and download material on to their desktops. Downloaded material may include harmful malware which is able to export key data from these desktops to foreign agencies thereby compromising government policy and national security.
http://timesofindia.indiatimes.com/india/Porn-surfing-a-cyber-risk-babus-told/articleshow/6873827.cms and http://www.dnaindia.com/india/report_uttar-pradesh-babus-get-naughty-surf-porn-in-office-hours_1416392
In a similar incident, on 21 Jun 2010 the Washington times broke the story of the fictitious female nicknamed the cyber mata hari who created a fictional facebook page. Robin Sage, according to her profiles on Facebook and other social-networking websites, was an attractive, flirtatious 25-year-old woman working as a "cyber threat analyst" at the U.S. Navy's Network Warfare Command. Within less than a month, she amassed nearly 300 social-network connections among security specialists, military personnel and staff at intelligence agencies and defense contractors. Robin did not exist. Her profile was a ruse set up by security consultant Thomas Ryan as part of an effort to expose weaknesses in the nation's defense and intelligence communities - what Mr. Ryan calls "an independent 'red team' exercise."
Both these examples highlight the susceptibility of senior officials to social engineering techniques due to their lack of security awareness, weak or inexistent corporate security policies, poor enforcement and the adequate investment in technical controls to prevent and monitor access to objectionable internet sites and download. Although the focus on the articles was on government and defense, the same holds true in the corporate world.
No comments:
Post a Comment