Flex-Internet CU Matters


“You are the weakest link”

Posted in Introduction by brodak on the June 9th, 2006

In recent television game show history this term was used and abused by its ornery British host Anne Robinson. Today this statement could be applied to a surprising number of Credit Union employees as well. As the security intrusions in the Banking industry have been adequately documented and reported, the recent publication of the results of a true social engineering experiment within a Credit Union is not surprising and should be met with an equal amount of outrage and trepidation.

I believe it is not “if” a Credit Union is compromised but “when.” Daily, as an administrator of several IDS (Intrusion Detection Systems) for our Credit Union clients, I see my fair share of malware and spyware “phoning home” from CU employees’ desktop workstations. Additionally, in recent months we’ve seen an escalation in attempts to “phish” Credit Union members and separate them from their private financial data. We’ve even seen the “de rigueur” encryption of data on the backend being spurned because of the time it takes for a CU employee to deal with the apparent deluge of lost password requests. The metaphorical icing on the cake is the prevalent Credit Union reliance on Microsoft’s notoriously porous browser, Internet Explorer, for in-house web browsing.

In future posts, I will examine why I adamantly feel Education is a powerful countermeasure against these human engineering and phishing attempts. I also hope to offer some security suggestions (some glaringly obvious, others not) which I conceive will be useful for admins, managers, and employees alike. In the meantime, let’s all plug the USB Flash drive we found in the Target parking lot into our home PCs and see what damage ensues…

2 Responses to '“You are the weakest link”'


  1. Trey Reeme said,

    on June 10th, 2006 at 9:20 am

    Brandon,

    I couldn’t agree more about education being the best defense against data theft. To combat social engineering attacks, it’s not an issue of “let’s put JBWeld in our USB slots” - it’s more about educating all staff on the problems that arise when putting flash keys, CDs, iPods, or anything similar from an untrusted origin into a computer.

    And the social engineering attacks are coming. This story has raced through the blogosphere with headlines like “Bank Hacking”, “iPOD and USB Hacks - This sounds like fun. Scary fun”, and “I need some cheap USB thumb drives!” It’s even on Engadget right now, and whoa it was the fourth most popular story this week on Digg. Gulp.

  2. Brandon said,

    on June 11th, 2006 at 12:22 am

    True - great point about the iPods being a convenient route for data thieves. I think it is important to note that there is a reason for the corporate world and enterprise IT to disallow iPods or even personal laptops on their LANs.

    I do believe it is only a matter of time before we see a successful intrusion or theft. I think often Credit Unions fall prey to naivety and to the notion of a, “We’re small; it will never happen to us” mentality. Nothing could be further from the truth - it’s time for all of us to be even more vigilant in our online dealings.
