Monday, November 29, 2004

Social engineering - where the user is the weakest link / The Register, 26 Nov 2004

http://www.theregister.co.uk/2004/11/26/social_engineering_security/
Fran Howarth, Bloor Research
Anyone who has been hit by a computer virus will be doubly wary of unexpected emails in the future that may contain viruses. So why do people still keep clicking on attachments? However much security technology a company deploys, human nature will always be the weakest link in the chain.
With the problem of spam growing daily, accounting for around 90 per cent of email traffic in the US by some estimates, companies are fighting an uphill battle to purge spam from their networks. But what is spam to one user is a legitimate communication to another. For example, a low-price mortgage offer might be just what one user had been waiting for, whereas another will find this an unwanted intrusion.
Many vendors offer technology that looks at emails to see if they contain code associated with known attacks and will block these from entering the system. However, many companies have a policy of quarantining suspicious emails so that users can decide for themselves whether or not to open them."