Growing security incidents
In its 2001 Computer Crime Survey report, the US Computer Security Association claims that 85% of the organizations surveyed had discovered computer security incidents in the preceding 12 months. This is an astonishing number: only 15% of the organizations did not find security incidents in the past year. Another number is equally astonishing: 64% of the organizations suffered financial losses due to computer incidents, and more than one-half of the enterprises suffered financial losses in more than one year.
My own experience tells me that these numbers are somewhat exaggerated, and I have doubts about the research results of this survey. But that does not mean the risk of security incidents is small; on the contrary, it is very large. Those who have not planned for it will have problems sooner or later. The security products most companies deploy are configured mainly to cope with amateur intruders, such as the young people known as "script kiddies". In fact, these people, who use other people's software and want to become real hackers, can in most cases cause only some trouble. The real losses and threats come from experienced attackers with clear goals, driven by commercial interests. These people focus on one target at a time, unlike amateur intruders, who try to enter as many systems as possible. Amateur hackers value quantity, while professional hackers care about the quality and value of information.
Authentication devices (to verify identity), access control (to manage access to files and system resources) and intrusion detection systems (the electronic equivalent of a burglar alarm) are necessary for a company's security. However, companies today invest less in security countermeasures to protect themselves from attack than they spend on coffee.
Just as a criminal mind cannot resist temptation, the hacker's mind is set on finding the weaknesses in powerful security systems. In many cases, they turn that attention to people.
Using deception
Many people say that a computer that is switched off is a safe computer, but this is wrong: the attacker simply finds a pretext to get someone to go to the office and turn it on. Your opponent has more than one way to get what he wants from you; it is only a matter of patience, personality and persistence. This is where the art of deception comes in.
To defeat security measures, an attacker, intruder or social engineer must find a way to trick a trusted user into revealing information or granting access. When a trusted user is deceived or influenced into disclosing sensitive information, or into taking an improper action that gives the attacker a loophole to exploit, no security technology can protect your business. Just as cryptanalysts sometimes bypass encryption by looking for weaknesses, social engineers bypass security technology by deceiving your employees.
The shortcomings of trust
In most cases, successful social engineers have strong interpersonal skills. They are charming, polite and likeable, and quick to establish trust. An experienced social engineer, using his own strategies and tactics, can obtain almost any information he is interested in. Careful technologists have designed security solutions to minimize the risks of using computers, but they have left the largest vulnerability unsolved: the human factor. Although we are very smart, for us humans (you, me, everyone) the most serious threat to our security comes from one another.
Our national character
We are not mindful of danger, especially in the West, and in the United States most of all. We have not been trained to be suspicious of others; we are taught to "love thy neighbor" (translator's note: this phrase comes from the Bible) and to have trust and faith in each other. Community security organizations have to urge people to lock their doors. This vulnerability is obvious, yet it seems to be ignored by many people who prefer to live in an ideal world, until they get hurt.
We know that not all people are honest and friendly, but we often live as if they were. This charming ignorance has always been part of the American way of life, and it is a very hard habit to give up. As Americans, we hold a deeply rooted notion of freedom in which the best place to live is the one where locks and keys are least necessary. Most people assume they will not be deceived because they believe the chance of being cheated is very low, and the attacker exploits this belief. He makes his request sound so reasonable that it raises no suspicion, and all the while exploits the victim's trust.
Institutional ignorance
Ignorance is part of our national character, as is easy to see in the early days of computer networking. ARPANET (the US Department of Defense network), the predecessor of the Internet, was used to share information between government, research and educational institutions. Its goal was information sharing and scientific and technological progress. Many educational institutions therefore set up their early computer systems with almost no security measures. One famous software-freedom advocate, Richard Stallman, even refused to set a password for his account. However, with the rise of e-commerce on the Internet, the dangers posed by the Internet's weak security have changed things dramatically.
Deploying more security technology will not solve the human security problem. Take today's airports as an example: security has become the top priority, yet media reports keep alarming us with stories of people who evade the security measures and carry potential weapons past the detectors. How did this happen at a time when airports are so focused on security? Did the metal detectors fail? No. The problem is not the machines; the problem is that the machines are operated by people. Officials can deploy the National Guard at airports and install detectors and facial recognition systems, but training front-line security staff to screen passengers correctly matters more. Governments, businesses and educational institutions around the world have the same problem. Although security professionals everywhere dare not slack off, information remains vulnerable, and attackers with social engineering skills see it as ripe for the picking, unless the weakest link in the security chain, the human factor, is reinforced.
Now more than ever, we need to stop the wishful thinking and deepen our understanding of the techniques used to attack the confidentiality, integrity and availability of computer systems and networks. We have to recognize that the necessary active defense is to accept and learn security.
The illegal invasion of your privacy, your thoughts and your company's information systems seems very remote until it actually happens. To avoid that costly lesson, all of us have to deepen our understanding and experience, stay alert, and actively defend our information assets, our personal information and our national health infrastructure. Now, we must put rigorous and careful defenses in place.