Roberto Nogueda

I was at BlackHat and DefCon this year. These topics were covered, but there was so much more. The most impactful presentation I saw was around the emotional stress experienced by the very people we charge with protecting us. One example provided was around police having to deal with child pornography. The presenter indicated burnout was very high as officer just couldn’t take having to go through the evidence.

The USB experiment that Bursztein conducted is very interesting. It just goes to point out the fact that the largest security risk to any organization is their employees. Not matter how many firewall’s we put up, how many Pen tests we conduct, the fact is that there is no way to stop that one employee from taking a USB drive and plugging it into a computer. Sure, we can disable USB ports on computers, but speaking in a larger term, Hackers have one job, to Hack. They will find a way. Social engineering is the biggest problem in defense against hacking. A chain is only as strong as it’s weakest link.

A personal story. I support small offices with technology needs. I had a Dentist who was very concerned about security. Small office. 12 workstations. Only workstation allowed access to the Internet was his and the office manager. All other workstations, accessed the patient program only. no email, no Internet. Well, the doctors machine got hit with Crypolocker. When we looked into it, it came in from a USB drive he was using to share a joint presentation he was working on with another dentist!! Irony.

Roberto,
Thanks for sharing this article, it had some interesting insights. I was not really surprised by the findings of Bursztein’s experiment. Quite frankly, I believed the results would be higher than 46%. I like the comparison he made to finding food on the ground. You would not pick it up and eat it because it could poison you, so why would you plug an unknown usb drive into your machine, it can infect it!