Comments
Utilities And Education The Most Bot-Infested Sectors
Dr.T,
User Rank: Ninja
4/13/2015 | 1:02:05 PM
Re: Education enterprise users: a legion of hackers and victims.
I agree. Unless we find a way of demonstrating how a security threat may impact them personally, students would be getting it. The same goes for employees when it comes to security awareness: we can continue to talk about it, but many employees would not care about what happens to the company's network or applications.
Dr.T,
User Rank: Ninja
4/13/2015 | 12:57:49 PM
Re: Not Surprising in Schools
Agree. You can even do gamification on the phishing test, it would be fun and informative, students would love that.
Dr.T,
User Rank: Ninja
4/13/2015 | 12:55:51 PM
Re: Not Surprising in Schools
I like the idea of a phishing test. That would help the individual, the school and then the companies who are hiring those students. Great way of starting security awareness.
Dr.T,
User Rank: Ninja
4/13/2015 | 12:53:35 PM
Botnet grade?
This is just my take on this. No need to introduce a new term to an already complex study of terminologies. There is no such thing called botnet grade, you just need to identify what vulnerabilities and threats you are facing and evaluate risk based on that, it is as simple as Risk = Threats x Vulnerabilities. This is what we need to focus on.
madhu jy,
User Rank: Apprentice
4/13/2015 | 7:03:22 AM
Re: Not Surprising in Schools
nice post
Marilyn Cohodas,
User Rank: Strategist
4/10/2015 | 1:29:58 PM
Re: Not Surprising in Schools
Ryan, I've read about those phishing exercises and agree that it's a really solid way to get the message across (especially when the execs flunk the test). Not sure how well they would translate to an academic environment. But there really seems to be an urgent need for that environment.
RyanSepe,
User Rank: Ninja
4/10/2015 | 1:23:41 PM
Re: Not Surprising in Schools
@Marilyn. It's funny you should mention phishing test as many enterprises incorporate the same type of user awareness techniques. Many employees fail these tests but it's the understanding afterwards that furthers their security presence.

To your point about conducting a phishing exercise, I very much agree. It's a simple yet very interesting way of introducing people to security.
Marilyn Cohodas,
User Rank: Strategist
4/10/2015 | 1:17:21 PM
Re: Not Surprising in Schools
Most colleges require some kind of Technology 101 class for incoming freshmen, but judging from my daughter's and her peers' information security savvy, the message needs to be much stronger. Maybe schools should make them pass a phishing test before giving them access to the network.
aws0513,
User Rank: Ninja
4/10/2015 | 11:04:09 AM
Education enterprise users: a legion of hackers and victims.
Recently, a local large university hired a new CISO.

I told my boss I do not envy his task.  A university user community is comprised of staff, educators, and students.  The students are the vast majority of that population.  Because students do not have the culture of security that employees may have, they can be classified as either hackers or victims of hackers.

Moreover, many schools do not implement substantial security controls on their networks because students (and some educators) begin to squawk about "internet freedom" and "ability to conduct unfettered research". BYOD has been common at universities since before it was an acronym. The students expect, and in many cases are expected, to bring their own systems to the campus. I know of many campuses that have separated networks for students and staff/educators simply because of how dangerous the student side of the equation is.

Admittedly, many colleges have acceptable use policies for their enterprise networks, but it is often difficult to enforce most of these policies because of how they are written or because the college does not have very effective monitoring or forensics operations.

I distinctly remember a discussion I had with a network technician that said (paraphrased) "If we began to knuckle down on students conducting unacceptable activities on the network, we would likely have far less students on the rolls."

So the challenge may be: How is it possible to engage students on what good security controls and practices provide?  If they understand the "why" factor of a security control they are not fond of, it may be easier to implement those controls while at the same time change behavior of students.

BTW...  as for utility companies not doing well in the research results...  there is no excuse.  IMHO the cause is an apparent lack of urgency on utilities to get their IT security house in order.