Even if your code is hacker-proof, there's still one way into your systems and it's much tougher to patch.
There's an ongoing debate about the security implications of using cloud computing services versus running IT systems in-house.
Cloud advocates note that the largest cloud companies will have hundreds, or even thousands, of security staff and the time and money to keep their systems up to date. In contrast, the average enterprise may only have a handful of security staff to cover a wide range of different systems, many of which may be ageing and incapable of being entirely secure. However, some businesses feel more secure holding their critical data themselves rather than trusting it to a cloud company that may spread it across datacenters in different countries.
But however good the systems are, the weak link is always the humans, according to ethical hacker and penetration tester Jamie Woodruff
One of his clients asked him to do a penetration test -- to attempt to access a company's systems in order to evaluate its security.
He identified one of the systems administrators from social media and was then able to find, posted online, passwords connected to that email address from a previous hack. And as the systems administrator had been using the same password for all their online logins -- and hadn't changed it even after one of them had been hacked -- Woodruff was able to use that to get into the employee's cloud service.
No comments:
Post a Comment