Company privacy traded for candy

by Steve Ragan - Apr 17 2008, 17:33

InfoSecurity Europe reps, demonstrating Social Engineering techniques in advance of next weeks InfoSec Europe conference, stood in front of Liverpool Street Station (City of London) and asked for personal information including passwords. They offered candy in return for the information.

Researchers are offering candy in exchange for passwords and other information. (IMG:J.Anderson)

As kids, we are told about strangers offering candy. We were instructed to avoid them, never offer information to them, and never take the offered candy. As adults, rushing about from one office to the next, offering your password for a mid-day snack, is perfectly ok. Isn’t it?There were five hundred seventy-six people questioned. With the promise of a vacation if they won a drawing, the interviewees offered up names, and telephone numbers. Then if they completed a survey, which asked them for other information including passwords, they received the candy.This serves to prove one thing, the human element is still the largest risk factor involved in IT security. You can add all the layered protection you want on a network and encrypt everything, but in the end if Marry in Marketing tosses out her password for some candy, then the security is beaten.It would not take long to deduce the network login, and with a little, as Johnny calls it, No Tech Hacking, it is possible to gain access to the network and company. None of the information collected by the research was used or saved. They have done this in the past, offering shirts or pens instead of candy. The research report shows that in 2007, sixty four percent of the people talked to were ready to hand over passwords.This year that number dropped to twenty-one percent, so there is growth in the security awareness of office workers. However, what about the twenty-one percent of the companies who could be at risk?

Talkback

There are currently no comments for this article. Be the first to comment! (no registration required)

Security: Index; News

: Features; Reviews

Advertising

The Fine Print

© 2008 - 2009 The Tech Herald.com, WOTR Limited. All photos are copyright their respective owners and are used under license or with permission. The Tech Herald cannot be held responsible for the content on other Web Sites.

Servers supplied by Servint

Security

Company privacy traded for candy

Talkback

Latest

Latest Articles on Monsters&Critics

In The Tech Herald

Site

The Fine Print