Don’t blame employees for social engineering attacks, says security expert

12:44 9th March 2010

Companies that fall so-called social engineering attacks should not blame employees, an internet security expert has said.

"The real problem is weak security procedures, but individuals tend to get blamed because it makes executives look better," Ira Winkler told attendees of RSA Conference 2010 in San Francisco.

Winkler, who is president of the Internet Security Advisors Group, urged businesses to make sure that security procedures are robust and include proper authentication and tracking mechanisms.

"The problem is that when individuals are blamed, the processes often remain unchanged and the vulnerability remains," he added.

In other news, a phishing campaign is targeting Twitter users to steal their passwords and hijack accounts, according to security firm Sophos.

The hijacked accounts are being used to spread money-making spam campaigns. Phishing links started to appear in humorous postings that began with internet phrases like "lol, this is funny" and "lol this you??"

Written by Hannah James

Related Articles

UK web users don't disagree with government regulation, survey suggests
The majority of UK web users are not opposed to the government getting involved in the regulation of the internet, a new survey for the BBC World Service has found.The poll, conducted by GlobeScan...

12:41 9 March 2010

IT staff don't ask managers for help, new survey reveals
Most IT workers would not turn to their managers for help, a new survey by the Chartered Management Institute (CMI) and the British Library has found.Fourty-two per cent of those asked said that...

11:58 8 March 2010

ICO calls for privacy protection
The value of personal information and privacy protection has been underlined in a new report released by the Information Commissioner's Office (ICO) this week.Information Commissioner Christopher...

11:56 8 March 2010