The largely accepted view and standard is that the protection of information assets is a technology function and hence in many organizations all “controls” are within the area of Information Technology.

While technology is an important aspect of any information security program strategy, it is at best only one of three legs of the footstool. Many information compromises start with threats that arise from weak procedures, and may include intentional or unintentional human acts.

Social engineering is the act of obtaining confidential information through the “art of deception”.  Most people have heard of or experienced phishing attacks through email.  The email entices the recipient to visit a website that downloads malicious software to the user PC or tricks the individual into providing sensitive information such as login credentials to business or personal accounts.

Vishing attacks, which are social engineering exploits delivered by phone, are frequently launched against customer service departments, help desks, and other business functions within corporations.  With caller identification easily spoofed and displaying the desired inbound number on the recipient’s display, the attacker poses as someone they are not in attempt to extract sensitive information.    The goal of the attacker may be to gain access to the company’s infrastructure, bank accounts, personal and private information or a variety of other reasons.  It is hard to image how technology can prevent such attacks if the employee is unaware and untrained.

Organizations that fail to look at risk to their information assets from a global perspective by analyzing business processes, identifying potential exposures, and determining the necessary controls to protect their information assets run a high risk of repeat and long-term compromise by both insiders and external attackers.

A well-balanced plan integrates risk management principles and focuses on a blend of preventative, detective and response measures across people, process and technology.   Establishing a plan starts with awareness at the business leadership level, analysis of the threats, and the development robust business-centric mitigation strategies.    While all compromises cannot be prevented, an organization that prepares will detect malicious activity sooner, limit exposure, protect its brand, and recover in a precise preplanned manner

The thought started as I watched in amazement as each passenger on my flight readily handed over his or her credit card to purchase a snack. Many didn’t need it, certainly not the person next to me, but that’s off the point. Those who tried to pay in greenbacks were told the airline does not accept cash.

Does this trouble you? It does me; on many levels.  Forget for a moment the technical aspects, and the information security of credit card data.  What is happening to data privacy and what does it ultimately mean?  Does the average person think about privacy as they readily hand over their cards?

You may answer that I have nothing to hide and that’s great but do you know what fingerprints you are leaving, where, and how they might be ultimately used against you without your permission and or knowledge? What other items exist in our lives that intrude on our privacy and how might they be utilized to create the ultimate compromise?

In my mind privacy clearly has been compromised by technology.  That compromise is ultimately leading to our collective demise.

As individuals we espouse to love our freedom as it slowly sails out of sight.  At what point do we reach what author Malcolm Gladwell refers to as “The Tipping Point”, and how might that affect your life?  Putting back on my Information Defense hat, what unforeseen event(s) might occur as information continues to be collected at alarming rates and it is used for ill will?

Clearly fraud has been around since the beginning of time.  The manner in which it is perpetrated continues to morph and information technology has been a great enabler.  Misuse by officials, unintended mistakes, or deliberate actions might damage our lives irreparably.

Every step we take on a journey is tracked. A simple vacation or business trip may lead to hundreds of data points collected about you including locations, photographs, purchases, meals, beverages, conversations, entertainment sources, etc.  The more technology expands the less that goes untracked and the less privacy we have.

What I am concerned about is how might your person be compromised?  What about your business and its assets, or your clients?

I’d like to pose more questions but I’ve got to run my airline carrier just emailed me with new offers knowing I have returned home from my recent trip.

Find out how to Prepare, Prevent and Respond, contact us.