1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Don’t count on people to prevent data breaches

Discussion in 'CSO' started by RSS, Apr 24, 2015.

  1. RSS

    RSS New Member Member

    Your company has been breached and your executives are in denial.

    That is the phrase that came to mind the other day during breakfast at RSA with Intel’s security organization where I overheard the following story. My ears perked up when I heard the word “spearfishing,” which was key to a personal story being told by one of the Intel executives. Spearfishing is when an attack specifically targets someone in the firm in order to steal their credentials and/or compromise their hardware.

    MORE ON CSO: 10 mistakes companies make after a data breach

    Apparently, the Intel exec received an email with a PDF document from an alleged Chinese graduate student. The email contained personal information on the graduate program the executive had been in and enough personal information about the school that it looked legitimate. It requested he review the attached dissertation in PDF form. The PDF itself didn’t trigger any alarms and looked harmless but instead of opening it he sent it down to the McAfee lab to see if it was hostile.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page