--Originally published at Diego's Password
I want to focus this blog post on the talk we had last session. It was surprising and revealing that the vast majority of attacks are either social hacks or simply the result of mistakes and bad practices, such as the password on the monitor.
I think it’s pretty clear what unintentional security issues are; in the end, not everyone is prepared or aware of the threats we all face every day and how to protect ourselves. I want to talk about the ways that we as engineers, and probably as employers, have to prevent these issues.
There’s a study from the Software Engineering Institute called Unintentional Insider Threats: A Foundational Study. I’ll link it here. It is very interesting; they talk especially about the human factor and common mistakes. I’ll base this blog post on that paper.
This paper is a study of unintentional security issues, their causes, and how to prevent them. Here’s their definition.
An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization’s network, system, or data and who, (3) through action or inaction without malicious intent, (4) causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization’s information or information systems.
Let’s review point number 3. It’s basically saying that it wasn’t the employee’s intention to harm the company, but they took an action that caused it. Going along with the article, it lists the specific actions that are causing the issues and in what percentage. Some of the causes investigated are the following.
- Sensitive information posted publicly on a website, mishandled, or sent to the wrong party via email, fax, or mail.
- An outsider’s electronic entry acquired through social engineering and carried