Paragraph One:
Time-to-exploitation is the elapsed time between when vulnerability is discovered and when it's exploited. That time has shrunk from months to minutes so IT staff have ever-shorter timeframes to find and fix flaws before being compromised by an attack. Some attacks exist for as little as two hours, which means that enterprise ITsecurity systems must have real-time protection.
The Information Security Forum (securityforum.org), a self-help organization that includes many Fortune 100 companies, compiled a list of the top information problems and discovered that nine of the top ten incidents were the result of three factors:
- Mistakes or human error
- Malfunctioning systems
- Misunderstanding the effects of adding incompatible software to an existing system
Unfortunately, these factors can often overcome the IT security technologies that companies and individuals use to protect their information.
Discuss the major objectives of a defense strategy? What is a firewall? What can it not protect against?
Paragraph Two:
Malware creators have used social engineering to maximize the range or impact of their viruses, worms, etc. For example, the ILoveYou worm used social engineering to entice people to open malware-infected messages they get in their email. The ILoveYou worm attacked tens of millions of Windows computers in May 2000 when it was sent as an e-mail attachment with the subject line: ILOVEYOU. Often out of curiosity, people opened the attachment named LOVE-LETTER-FOR-YOU.TXT.vbs-releasing the worm. Within nine days, the worm had spread worldwide crippling networks, destroying files, and causing an estimated $5.5 billion in damages.
Notorious hacker Kevin Mitnick, who served time in jail for hacking, used social engineering as his primary method to gain access to computer networks. In most cases, the criminal never comes face-to-face with the victim, but communicates via the phone or e-mail.
Research Kevin Mitnick on the Internet. What was he able to accomplish and how did he do it? Why did it take such a long time to be caught? How was he caught?