Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Security Experts, Not Users, Are the Weakest Link
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
paul.dittrich
100%
0%
paul.dittrich,
User Rank: Strategist
3/1/2019 | 11:28:44 AM
A badly-flawed analogy
Using CFO or COO as an example of effectively managing people-based security risks is a flawed analogy and very unfair to CISOs / CIOs.

The CFO has a very strong and extensive set of detailed legal and regulatory requirements which codify many years (centuries?) of experience countering bad actors both internal and external.  The solutions are well known and CFOs enjoy a very high success rate of preventing or quickly detecting problems.

The COO has an alphabet soup of groups (again, based on many years of experience) to provide detailed guidance on how to mandate "safe" working conditions and processes.  And the COO is very unlikely to worry about a single human crippling or even destroying the entire company.

The CISO/CIO has much weaker legal / regulatory support to handle a threat landscape which is still rapidly evolving.  And their worst nightmare is a single user who either willfully or accidentally causes a major problem - a breach or an outage.

Nor do the CFO and COO have to worry about a CEO who never ever says "No" to a developer.....
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
3/1/2019 | 10:43:08 AM
Different category
This is argumentative if you place a user on the same platform as a security expert.  They are entirely different animals.  Some users, no matter how much education is thrown at them - and we need more of that - listen up Security experts - do NOT get it ever.  They won't.  Why?  A thousand reasons, most ignorant of the tech stuff and some just live that way.  Security experts know more than users of course but have a different realm of responsbility.  WE know not to click on an attached invoice - but put a whitelist or watchlist in front of us and we are on a different planet.  No - we are both either as weak or strong as we choose to be. 
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5605
PUBLISHED: 2020-09-18
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
CVE-2020-5606
PUBLISHED: 2020-09-18
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
CVE-2020-5628
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-5629
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-25756
PUBLISHED: 2020-09-18
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated &quot;this will not happen in practice.&quot;