This is old news

This is surprising? I, and many others in the information security business, have been saying this for years. Most security threats come from inside. It's either malicious (the dude that made a CD with 100,000 credit card holders' information in India) or negligent (we can all think of those cases). The outside attackers can get to plenty of individual machines, but most companies are actually pretty secure against outside threats.

As a sysadmin many years ago, I learned two sayings that still hold true. "User is a four-letter word". "User rhymes with loser (luser)".

At many companies, the phones will show you the caller ID information for inside calls. When I worked at an unnamed semiconductor company, it even showed if the person was calling from Sunnyvale, Singapore or Dresden. So verifying that it's Sally from HR was no problem.

Security, like most of IT, is viewed as a cost center. So they try to minimize expenses. And wind up losing money on the proposition. There are numerous papers out there on the value proposition of security. But upper management doesn't read them. They don't read anything.

