By Steve Lineberry, CISA, CISM NSA-IAM, IEM
Businesses spend a significant portion of their annual information technology budgets on high-tech computer security. But the firewalls, vaults, bunkers, locks and biometrics those dollars buy can be pierced by attackers targeting untrained, uninformed or unmonitored users. Few companies properly address the human element of information security. "There are times when the human element is the leaky faucet" that spills sensitive information, says Debra Murphy, a consultant who is vice president of marketing for Rapid7, a Boston-based security software company that performs vulnerability assessment, network penetration and social engineering testing. One cause for the information trickle linked to employees is the pressure many are under to constantly improve customer service. "People are being measured on helping customers and providing a great customer experience," Murphy says. Social engineering scam artists, who use deceptive and manipulative tactics on individuals to gain unauthorized access to information, pounce on that customer-focused mandate.
To read the full article, please visit the AICPA's Journal of Accountancy website.
