Younger T-Mobile store employees routinely surf to social networking sites like Facebook and lots of other high-traffic/high-vulnerability sites that have unwittingly hosted spyware attacks in the past. Having seen that behavior, I wouldn't be surprised if iPods and thumb drives also enter into employee IT practices. This isn't unique to T-Mobile - it's a widespread security problem almost everywhere that can't be countered with security technology alone. Add to lax behaviors & lax enforcement the vast army of increasingly sophisticated cybercriminals that are mastering gaining network access via piggybacking on these risky activities, and it explains why breaches are proliferating at a geometric rate. My other observation is that client/server architecture, packet-switched networks, and de facto local admin rights all combine into a perfect storm of inherent security vulnerabilities that are a full-time job to contravene on even small networks, let alone on enterprise WANs. So, this design flaw of inherent indefensibility creates a threat bubble that is forever expanding to include new devices, new users, new attack vectors, new attack strategies & technologies, and a host of over-hyped defense technologies that try to cover the newest vulnerability discoveries. Oh well... another day in an internet-connected world.

