Lucian Constantin’s recent article “Expect more cyber-espionage, sophisticated malware in ’12, experts say” states that cyber-attacks in 2012 will increase with more sophisticated malware. Certainly companies like MicroTrend, Symantec and others have their work cut out for them to eradicate these attacks once they are launched. But taking a step back, the question arises as to how malware is first getting into the networks.

Answer: employee’s carelessness.

Using social engineering attacks are still the best and cheapest way to distribute malware. Spam emails, phishing, spearfishing, etc., all utilize attachments that can hide the malware. It still is amazing that such an and old and simple method is still the most effective. An according to some experts, educating the employees about information security is a waste of time. I disagree since even if one person is helping by being educated and aware it is better than having none. But education alone is not the solution.

Technology applications, networks and operating systems have to incorporate security as one of their key design components. Stop the patching and all the backward compatibility design concerns and start create an entirely new OS from scratch. We don’t run DOS and Windows 98 anymore.

Software applications also need to incorporate high security standards like integration with multi-factor credentials. Using a smartcard that first authenticates the user to the card, then the card to the computer, then authenticates the card and server to each other, and finishes up with the user to the application can greatly improve a company’s security.

Public cloud services are still scary at best. Do you really know how and where your data is being stored? Plus, when some of the biggest public cloud companies are “sidestepping security” with protection clauses in their contracts should tell you something. Private clouds can have more security safeguards but it requires knowledgeable people to build and manage.

Security is only as strong as the weakest link and that link is the employee. I would wager that majority of the employee caused breaches are done through carelessness. Employees have to get their jobs done and will often circumvent security protocols so as to increase convenience and efficiencies. That is why any security plan has to take into account the user. Otherwise, corporate officers are lulled into a false sense of security. A 25-character random password that has to be changed every 7 days is super security but don’t be surprised when there is an increase in Post-it Note supplies because these passwords simply cannot be memorized by most employees.

Author's Bio: 

Dovell Bonnett has been creating security solutions for computer users for over 20 years. In order to provide these solutions to consumers as directly, and quickly, as possible, he founded Access Smart. With each of his innovations, the end user — the person sitting in front of a computer — is his No. 1 customer.

This passion, as he puts it, to “empower people to manage digital information in the digital age” also led him to write the popular Online Identity Theft Protection for Dummies. Within the pervasive nature of our e-commerce and e-business community, personal information, from credit card numbers to your pet’s name, is more easily accessed, and identity theft and fraud has become an issue that touches every consumer.

Mr. Bonnett’s solutions reduce security risks for individual users, small businesses and large corporations. His professional experience spans 21 years in engineering, product development, sales and marketing, with more than 15 years focused specifically on smartcard technology, systems and applications. Mr. Bonnett has spent most of his smartcard career translating and integrating technology components into end-user solutions designed to solve business security needs and incorporating multi-applications onto a single credential using both contactless and contact smartcards. He has held positions at National Semiconductor, Siemens (Infineon), Certicom, Motorola and HID. He is the author of smartcard articles, regularly presents at conferences, and helps companies successfully implement smartcard projects. Mr. Bonnett has been an active member of the Smart Card Alliance contributing to the development of physical access security white papers. He holds dual bachelor’s degrees in industrial and electrical engineering from San Jose State University.