IRS employees flunk cyber security test
Imagine you are sitting at your desk and the phone rings. The voice on the other end sounds a little bit agitated, as if he is trying to deal with a crisis. "This is Dexter down in IT," he says. "We're having a network problem in your department and I've got to get this fixed right away. I need you to give me your login name."
Since most of us are cooperative at heart, we comply and try to help the guy out by giving our login name. "Thanks. Now, I need you to change your password to 'user34458' in the next ten minutes. Once you've done that, I can fix the problem on your network segment."
OK, if you've had any cyber security training, you should know that you really shouldn't do that sort of thing. Real network administrators shouldn't ask you to change a password. This kind of thing would never work in your plant or office, right?
The IRS recently did a test just like this of 102 of their people and found that 61 of them were very cooperative indeed and did exactly what the caller suggested. A few called their IT departments to find out if it was on the level. You can read the full report. It's 20+ pages but you'll get the gist in the first few.
Would your people do any better? Do they know when they're being subjected to "social engineering?" All the system firewalls in the world can't stop a hacker if your people are letting him in the front door. Never underestimate the potential for a human being to be the weakest link of the security chain.
Posted by Peter Welander on August 8, 2007