Human behaviour still the weakest link

By David Lewis

May/June Edition, 2008: As organisations increasingly look to strengthen operational security, we urgently need to move beyond the basics of anti-virus, anti-spam, intrusion detection and firewall protection.

As Bruce Schneier, an acknowledged world expert in cryptography, sees it, the mathematics behind most security products is strong. However, poor programming habits and implementation – coupled with our human tendency to want to circumvent security measures – mean malicious software and hackers can still penetrate supposedly secure systems.

On the one hand, we tend to avoid security measures if we feel they stand in the way of our working quickly and ‘efficiently’. On the other, much security fails simply because we don’t implement it correctly – leading to flaws such as programming backdoors.

This is evident in the constant flow of security updates to products like Microsoft’s operating systems, and the constant need for virus and malware updates.

Another major security problem arises when trust is abused internally by people with all the appropriate security clearances.

Schneier is emphatic: these problems will never be resolved satisfactorily, and organisations need to instigate policies and procedures for appropriate incident responses to ensure evidence of security breaches and computer-based fraud isn’t lost. They also need to arm themselves with appropriate tools for forensically sound investigation, the results of which must be able to stand up in court if challenged. Such tools can also be valuable for document retention and eDiscovery compliance.

Developers such as AccessData (with its recently released FTK 2.0 product), Tableau (with its T35e and T35e R/W SATA & IDE Forensic Bridge), Intelligent Computer Solutions, and others all provide tools and training that allow you to correctly investigate security breaches without losing vital evidence.

David Lewis is the principal of Fulcrum Management, a provider of technology, tools and training in forensic computer examination, evidence acquisition and high-speed disk duplication.
