Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
In his keynote to the RSA 2009 conference, Brian Truskowski, general manager of IBM's Internet Security Systems (ISS) business, told delegates that despite all the improvements in security technology the human element was still the key weakness in any system.“We need to admit humans will always fall for a good hoax, then we need to accept it and move on,” he said.“Humans are an infinite threat to security. This is why security has moved to the machine/human interaction point, chiefly the browser and the application.” He gave the example of Kevin Mitnick, one of the most famous hackers of all time. Mitnick himself admitted that his success was down less to his computer knowledge and more to an ability to fool people with social engineering.Truskowski said that for security to be effective it needed to be built into the enterprise from the ground up and be responsive. Too many vendors focused just on blocking one attack vector when a more flexible approach was needed.The situation was similar to the Titanic, he said. The ship builders focused on strength, speed and luxury and ignored maneuverability, which proved fatal for many of the passengers.“Too many chief executives see the iceberg coming but can't do anything about it,” Truskowski said.Companies should focus on building flexible network security and consider offloading part of the business to managed security vendors, he continued, as there are simply not enough good security personnel available for IT departments to hire.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.