Lots of excitement in the news in the past weeks. Organizations such as RSA, Epsilon, and Oak Ridge National Laboratory were all compromised via spear phishing attacks. Just recently Sony's 77 million registered users of Playstation Network were compromised, potentially including their passwords. If that is the case, and if Sony's subscribers are using the same passwords for other accounts (such as their banks or at work) this could expose individuals and organizations to greater risk. It appears that attacks are getting more sophisticated and targeted. It also appears that the human is becoming more and more a critical element. By making people understand that they are target and how they will be attacked, we can greatly reduce risks such as spear phishing. By teaching people to go beyond just using complex passwords, but also being careful how they use them and where, we can mitigate the impact of events such as Sony.
About the Author
Lance Spitzner
Director, SANS Security Awareness
Lance has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and helped pioneer the field of cyber intelligence. Lance has published three security books, consulted in over 25 countries and helped hundreds of organizations establish mature security awareness programs. Lance serves on the Board for the NCSA, is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. He served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.