Network Computing Dark Reading

Advertise

DRTV

Optimizing the Security Awareness of Your End-Users

Get Link to this Video

Get HTML to Embed this Video

100%

End-users can be the weakest link in your infosec defense. But according to KnowBe4 founder and CEO Stu Sjouwerman, there is something you can do about that – if you implement the right behavioral diagnostics and focus your training needs on individual users’ actual weaknesses.

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

100%

REISEN1955,
User Rank: Ninja
4/19/2018 | 9:37:44 AM

Quite true

Not only are end users the weak link but they are the PRIMARY link as well. All it takes is one user opening one infected PDF with ransomware and horror results. One problem is that firms would love to restrict web browsing to "company" approved sites which would be wonderful IF not for human nature and life itself. Unfortunately, life HAPPENS and while users should not free browse everywhere, some outside browsing WILL HAPPEN not matter what one says. Limit it wheneve and wherever possible. BTW - if a firm totally locked down browsing, then workers would start to quit in bits and pieces too. So you have to allow for that. Secondly, good education on spotting when things ARE going south would help and basic education on email protocol. If you can hit 95% knowledge transfer then you have a good situation.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

US Judge: Police Can't Force Biometric Authentication

Dark Reading Staff 1/15/2019

The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter

Ofer Amitai, CEO, Portnox, 1/17/2019

How the US Chooses Which Zero-Day Vulnerabilities to Stockpile

Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies, 1/16/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

White Papers

Nobody's Fool: Combating Social-Engineering Risks

ExtraHop Reveal(x) Technical Architecture

6 Steps SIEM Success

2018 Threat Intelligence Report

NotPetya: One Year Later

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "I don't mind him using my phone. I mind that he's able to unlock it with FaceID."

Cartoon Archive

Current Issue

The Year in Security 2018

This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Attacking the Cybersecurity Problem

Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.

Download Now!

How Enterprises Are Using IT Threat Intelligence

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-3906
PUBLISHED: 2019-01-18

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.

CVE-2019-3907
PUBLISHED: 2019-01-18

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

CVE-2019-3908
PUBLISHED: 2019-01-18

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

CVE-2019-3909
PUBLISHED: 2019-01-18

Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.

CVE-2019-3910
PUBLISHED: 2019-01-18

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.

Terms of Service
Privacy Statement
Legal Entities