
    Thinking Like a Terrorist

    By Stan Gibson - October 22, 2001

      The latest strategies IT managers are considering to protect their infrastructures from possible attacks go well beyond computer hardware.

      Since Sept. 11, the scenario building has led security-conscious users down three distinct paths: securing facilities, data and, especially, people.

      With mirrored facilities and data backups offering protection from outright attacks on buildings, the focus has shifted to the sorts of assaults with which users are more familiar—viruses and denial-of-service attacks—as well as more subtle attacks, such as infiltrating a large company with data saboteurs.

      Social hacking, as it is called, is far easier than most companies are willing to admit, said Christopher Leach, a partner with accounting company Grant Thornton LLP, in Chicago, which performs security audits for clients. In a test for one client, Leach pretended to be a worker returning from a coffee run. With both hands full, carrying two dozen doughnuts and coffee, he requested help opening a door leading to a secure floor and got it from an unsuspecting worker. “They didn't know me from Adam,” he said.

      Another social hacking ruse is to call in pretending to be the spouse of a sick employee who has security clearance and request a password on behalf of the spouse. Leach tried this successfully at a different company. “Both companies had policies in place, but they weren't paying attention,” he said.

      “You have to make sure that everyone is checked in and checked out, including vendors and consultants,” said Paul Tinnirello, executive vice president for a leading information provider in the financial services industry and an eWeek columnist.

      “Sixty to 70 percent of attack vulnerability resides in the people area,” said John McCarthy, director of critical infrastructure services at KPMG, in Washington. McCarthy also said that most social hacking breaches are a result of not following correct procedures. “It has to do with people putting passwords on sticky notes and putting passwords into e-mail traffic,” he said.

      Although dealing with hack attacks and viruses has become commonplace, many companies are more alert to these threats in the wake of Sept. 11. “I asked my staff, ‘How does someone get into this company electronically?’ I want to shut all the windows and doors,” Tinnirello said.

      Some of the proposed solutions can be Draconian. “The most obvious thing to do is to shut down your e-mail system and use it only for internal use,” Tinnirello said. He also suggested that companies might consider shutting down Internet surfing by employees.

      “Nimda scared the living daylights out of us. It was just a nuisance infection that had a salvo of four or five viruses in one,” said Tinnirello. “Destructive variants are a given.”

      While experts remain vigilant for new virus strains, Leach recommends strictly adhering to the practices of keeping virus scanning software up-to-date and making sure backups are done.

      Stan Gibson
      Stan Gibson is Executive Editor of eWEEK. In addition to taking part in Ziff Davis eSeminars and taking charge of special editorial projects, his columns and editorials appear regularly in both the print and online editions of eWEEK. He is chairman of eWEEK's Editorial Board, which received the 1999 Jesse H. Neal Award of the American Business Press. In ten years at eWEEK, Gibson has served eWEEK (formerly PC Week) as Executive Editor/eBiz Strategies, Deputy News Editor, Networking Editor, Assignment Editor and Department Editor. His Webcast program, 'Take Down,' appeared on Zcast.tv. He has appeared on many radio and television programs including TechTV, CNBC, PBS, WBZ-Boston, WEVD New York and New England Cable News. Gibson has appeared as keynoter at many conferences, including CAMP Expo, Society for Information Management, and the Technology Managers Forum. A 19-year veteran covering information technology, he was previously News Editor at Communications Week and was Software Editor and Systems Editor at Computerworld.