According to a USA Today report, a Google employee may have unwittingly initiated the chain of events that led to the culmination of Chinese efforts to hack into the company’s cyber-infrastructure. While no formal confirmation has come from the company, itself, George Kurtz, Chief Technology Officer at McAfee, indicated that the method of attack was Spear Phishing (the sending of emails with maliciously encoded links, to random recipients in a company in hopes that one or more will recipients will click on it). While this method of attack is not uncommon, it does represent a shift from the traditional mode of attack. Instead of testing a distant network’s security posture, on a port by port basis, attackers have learned that the easiest way in (and back out) is through the front door. For this reason, emails with links to maliciously encoded websites represent a much easier and less obvious avenue of approach. The question that begs, though, is whether a single unpatched computer was responsible for the entire debacle.
What this attack does once again highlight is the need for a top-to-bottom computer security program, within any company that has an IT infrastructure. While the most prepared companies may employ firewalls, intrusion prevention systems, and web-filters, all of those are worth nothing, if the network’s end users are not properly educated. To this end, it is imperative that companies ensure users are trained on what is allowed, what to look for in terms of suspicious internet/email activity, and, most importantly, what to do when they spot something suspicious. Thereafter, annual refresher training also ensures employees know what to look for and what to avoid. Though it is unfortunate that a single, careless Google employee may have initiated the action that ultimately led to the infrastructure’s compromise, it does serve as a wake-up call to all companies that security mishaps can happen to even the largest of computer giants.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_c.png?x-id=3d28e2f6-b298-4b9a-9601-cc3525753b64)
[...] the full article in our latest post on the technology mega-site, MWD.com: http://www.mwd.com/2010/01/alleged-employee-role-in-google-attack-highlights-the-importance-of-compu... var addthis_pub = ''; var addthis_language = 'en';var addthis_options = 'email, favorites, digg, [...]
Maybe they should pay their employees better and treat them in a fair way. Probably, the hacker employee was fired for no good reason or maybe there were other reasons involved. But in the end, if you draw a line and try to formulate a conclusion, it sounds like this: nobody will ever do that unless you really piss them off.
__________________________________________
Employee Leasing