Gaining awareness to prevent social engineering techniques, attacks
This article is part of the May 2011 issue of Information Security magazine
On the surface, the email looked completely legitimate. It appeared to come from an employee within the U.S.-based Fortune 500 manufacturing firm and talked about a corporate initiative the CEO was pushing. Four high-level executives received the email; one clicked on a link embedded in the message. That was all the attackers needed. The unwitting click unleashed malware that infected the executive’s computer and gave the attackers a foothold in the company’s network, where they sniffed for passwords and gained access to multiple systems. Until the FBI notified it, the manufacturing firm, which was negotiating to acquire a Chinese company, had no idea the intruders were stealing data on a weekly basis. The stolen data was highly sensitive: critical emails with details of the negotiations. In the end, the company scuttled its acquisition plans, says Frank Nagle, senior consultant at MANDIANT, an Alexandria, Va.-based information security firm that investigated the case. The attack, which happened two years ago, is a stark example ...
Features in this issue
Companies should revisit streamlined global data operations with an eye toward revamping compliance.
Cybercriminals are using social engineering fueled by social media to attack users and break into companies.
A strong information security program that goes beyond minimum standards will ease compliance.
New security tools allow companies to extend encryption and authentication to mobile devices.
Columns in this issue
There’s growing demand for information security professionals, but where will these skilled people come from?
Remember, potential new security roles are doled out based on experience and accomplishments, not some fancy title.
Companies need to improve their employee security awareness training to fight today’s threats.