Security Management Strategies for the CIOAccess "Gaining awareness to prevent social engineering techniques, attacks"
This article is part of the May 2011 issue of Comprehensive information security programs vital for PCI compliance
On the surface, the email looked completely legitimate. It appeared to come from an employee within the U.S.-based Fortune 500 manufacturing firm and talked about a corporate initiative the CEO was pushing. Four high-level executives received the email; one clicked on a link embedded in the message. That was all the attackers needed. The unwitting click unleashed malware that infected the executive’s computer and gave them a foothold into the company’s network, where they sniffed for passwords and gained access to multiple systems. Until the FBI notified it, the manufacturing firm -- which was negotiating to acquire a Chinese company -- had no idea the intruders were stealing data on a weekly basis. The stolen data was highly sensitive – critical emails with details of the negotiations. In the end, the company scuttled its acquisition plans, says Frank Nagle, senior consultant at MANDIANT, an Alexandria, Va.-based information security firm that investigated the case. The attack, which happened two years ago, is a stark example of the kind of social ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Navigating international data privacy laws
by Cynthia O’Donoghue, Katharina A. Weimer and Amy Mushahwar
Companies should revisit streamlined global data operations with an eye toward revamping compliance.
-
Robust information security program key to PCI compliance requirements
by Eric Holmquist
A strong information security program that goes beyond minimum standards will ease compliance.
-
Navigating international data privacy laws
by Cynthia O’Donoghue, Katharina A. Weimer and Amy Mushahwar
-
-
Gaining awareness to prevent social engineering techniques, attacks
by Marcia Savage, Editor
Cybercriminals are using social engineering fueled by social media to attack users and break into companies.
-
Smartphone encryption, authentication ease mobile management
by Robert Westervelt, News Director
New security tools allow companies to extend encryption and authentication to mobile devices.
-
Gaining awareness to prevent social engineering techniques, attacks
by Marcia Savage, Editor
-
Columns
-
Information security professionals and the resource gap
by (ISC)2 Advisory Board of the Americas Executive Writers Bureau
There’s growing demand for information security professionals, but where will these skilled people come from?
-
Information security job titles: Irrelevant to your career
by Lee Kushner and Mike Murray
Remember, potential new security roles are doled out based on experience and accomplishments, not some fancy title.
-
Breaches highlight need for better employee security awareness training
by Marcia Savage, Editor
Companies need to improve their employee security awareness training to fight today’s threats.
-
Information security professionals and the resource gap
by (ISC)2 Advisory Board of the Americas Executive Writers Bureau
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...