Are your security professionals qualified?

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

Many don't know what they don't know

Several lessons have been derived from the recent iCloud security incident, but the most important for me is how it demonstrates the ignorance of many security professionals, an ignorance that calls their management into question.

When the iCloud hack started hitting the news, it generated a lot of discussions among security personnel. Many of them grasped the underlying concepts reasonably well. Unfortunately, though, some of the conversations demonstrated a clear lack of understanding of fundamental security concepts.

[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]

As is widely known by now, a hacker was able to compromise the Amazon.com and iCloud accounts of a Wired reporter. The accounts were compromised as a result of operational security flaws in the password reset processes of the respective organizations. The attack itself was rather involved, but at bottom it was a fairly straightforward social engineering type of attack.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies