So, like, just as a little aside…

It’s actually very difficult to totally secure an organisation against targeted hacking.

That is to say, a truly dedicated hacker[1] will almost certainly be able to break the security of any organisation or individual they target. The way they do it, called a vector, is almost always by exploiting people, rather than (solely) by exploiting computer systems. These are the things like ringing tech support and pretending to be someone who lost their password. Or pretending to be tech support. Or dropping malware-infected USB keys in public places. Or giving out malware-infected USB keys at conferences. Or even just straight-up shipping hardware with malware already installed. Stuff like that. In general, once you have the collusion (willing or not) of a user within a system, you have potential access to that entire system. No matter how good all the surrounding technical security controls are.

Tl;dr: INFOSEC is hard, y’all. Because people.

(This post brought to you by a bunch of things I’ve seen recently sneering at organisations for not being able to protect themselves against cyber attacks from state-sponsored hackers. Because, duh. No shit they can’t.)

  1. This is INFOSEC speak for someone who, a) targets you in particular, b) has time, and c) has money.

27th July, 2016 | Tags: infosec

