Security: a business problem
Security is a people problem. OK, you already knew that. But recently the SANS Institute finally recognized it too, in its list of the top 20 Internet security risks of 2007. Topping the chart of new, hard-to-defend-against risks were vulnerabilities in custom Web applications and (drum roll, please) "gullible, busy, accommodating computer users, including executives, IT staff and others with privileged access."
According to the SANS report, cybercrooks are still running their automated attack programs, looking for security holes in unpatched and misconfigured software (average time until an attack after a new system is attached to the Internet: five minutes).
[ Read more ]