govciooutlook
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
JAN-FEB, 20178GOVERNMENT CIO OUTLOOKUsers, Don't Take the Bait!nformation Technology Security is a sum of many parts. Border security involves layers of security systems across multiple networks. Virus protection involves updated virus datasets and tools. Physical security involves facility access and locking down wall jacks. Wireless system security involves credentialing and transmission encryption. Data security involves hardened systems and at-rest encryption. But the hardest security threat to adequately cover is the user who inadvertently lets a hacker into their system by accident. This user attack concept is very similar to a fun and relaxing sport, fishing. Everyone loves to fish. It is exciting the first time you set your bait and then cast the line into the water to catch your first fish. Unfortunately, within the technology world we live in today, we are the fish when it comes to the easiest way hackers can penetrate your systems defense. Martin P. Rose, CIO, Pinellas County GovernmentIByPhishingCoincidently, this user based attack is a homophone called "Phishing." Phishing is now the number one method for hackers to gain access to a computer or network. Phishing is the same concept as real fishing. A hacker will send "bait" in the form of an email with a request for sensitive information or an attachment to open or a link to click on. Once the user takes the bait, the hacker exploits the user's action by gaining access to your computer. Phishing first started as a targeted single person act but added multiple user attacks as technology changed. One of the first phishing attacks were performed by phone. Hackers calling individuals saying they are from an institution or organization. They ask for your credentials to accomplish some audit or to verify a fake assumption. Sometimes the caller also incorporates basic data about the user that someone could pull off of a search engine. The information they collect are bank accounts, usernames, passwords, pins, Social Security numbers, etc.``Phishing first started as a targeted single person act but added multiple user attacks as technology changedMartin P. RoseOIN MYPINION
< Page 7 | Page 9 >