Lots of excitement in the news in the past weeks. Organizations such as RSA, Epsilon, and Oak Ridge National Laboratory were all compromised via spear phishing attacks. Just recently Sony's 77 million registered users of Playstation Network were compromised, potentially including their passwords. If that is the case, and if Sony's subscribers are using the same passwords for other accounts (such as their banks or at work) this could expose individuals and organizations to greater risk. It appears that attacks are getting more sophisticated and targeted. It also appears that the human is becoming more and more a critical element. By making people understand that they are target and how they will be attacked, we can greatly reduce risks such as spear phishing. By teaching people to go beyond just using complex passwords, but also being careful how they use them and where, we can mitigate the impact of events such as Sony.
About the Author
Lance Spitzner
Director, SANS Security Awareness
Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture, awareness and training. He helped pioneer the fields of deception and cyber intelligence and founded the Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries and helped over 350 organizations build programs to manage their human risk. Lance is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.