A CSO’s quick guide to data security and disaster recovery

Pierluigi Stella: In my opinion, the top issue is the lack of knowledge on the part of users.  The reasoning is simple; a trojan is an executable; hackers can’t just send it to you – anyone with a shred of protection will block executables unless their source is well identified and authorized. So what they do is they craft emails which look almost real, and entice users to click on a link. That seemingly innocent act bypasses most protections, because the systems see it as a “user request”; and then we have game over – the trojan is downloaded and from that point on, the hacker is in control.  If the users were more aware of this form of social engineering and understood that they need to think before clicking, this strategy would be far less successful. Therefore, rather than chasing the next great technology, make it the year of security awareness, train your users to adopt a safer behavior, send them spoofed emails as part of the training, and make sure they all understand they need to stop clicking!  If it looks suspicious, it probably is. (Read more)