Security group ranks human error as top security worry
Paller’s organization compiles an annual report on the top to Internet security targets. This year “human vulnerabilities” will make their first appearance on a list that is typically made up of software products like Internet Explorer, databases, and file sharing applications. That’s because the human factor is being exploited in a growing number of targeted attacks as more and more online criminals come online in Eastern Europe and Asia, Paller said.
[T]he U.S. Military Academy at West Point [studied] a group of 512 cadets, selected at random for a test called the Carronade. The cadets were sent a bogus email that looked like it came from a fictional colonel named Robert Melvillle, who claimed to be with the academy’s Office of the Commandant (The real Robert Melville helped invent a short range naval cannon called the Carronade nearly 250 years ago).
“There was a problem with your last grade report,” Melville wrote, before telling the cadets to click on a Web page and “follow the instructions to make sure your information is correct.”
More than 80 percent of the cadets clicked on the link, according to a report on the experiment.
Worse still, even after hours of computer security instruction, 90 percent of freshmen cadets still clicked on the link.