[ISN] Why Effective Computer Security Means Covering All Your Bases

http://www.eweek.com/security/effective-computer-security-means-covering-all-your-bases.html By David Needle eWEEK.com 2015-01-15 PALO ALTO, Calif. — How safe is your company from malware attacks and security breaches? As the technology and methods behind cyber-attacks are constantly evolving, it’s virtually impossible for any company to accurately say it’s completely safe, but there are steps you can take to minimize threats. Ganesh Krishnan, who runs security at the popular job site and social network LinkedIn, shared some of the lessons he’s learned over a 20-year career in security, including stints at Intel and Yahoo. His “tech talk” was part of a meet-up here this week at online payments firm WePay. The first point he emphasized is that security teams are by definition outnumbered. “There are a lot more hackers than security people. Security has to be everyone’s responsibility,” he said. This maxim extends to both technical and non-technical employees, as both are needed to help defend against a growing range of threats including so-called phishing attacks. Phishers use social engineering, email and social media to gain access to corporate networks. For example, a phisher might contact a relatively low-level employee under false pretense (e.g., pretending to be an authorized outside contractor), guess the employee’s password and get into the network. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail