Help Them Help Themselves

Jan. 1, 2004
I write this from my room at the Monte Carlo Hotel in Las Vegas, not as I prepare for a night on the town, but as I sit back happily in a comfy chair. My feet are worn down to sawdust nubs from two days of walking the ISC West show floor, and the $50 my wife handed me for Mad Money as I kissed her goodbye in Atlanta didn't make it past the second turn on the craps table.

So I sit here pondering. I reflect on the gadgetry, electronic devices and digital marvels vendors so eagerly showed me this week, and I recall a series of conversations I had with one of my most trusted peers in the industry. It seemed appropriate to center this month's little chat around what Jack Wiles sees as the most vulnerable chink in security's armor: us.

All the electronic wizardry in the world cannot protect us from ourselves. I remember touring a major Southeastern university with its security director years ago. As we approached the newly secured dorm area he had been praising just minutes before, we saw his precious state-of-the-art card access system rendered useless by a folding chair that had been propped against the front door. Horrified, he admitted the best-laid plans aren't worth a darn if the population we are protecting doesn't realize it must help itself.

For Jack Wiles, who is a partner in a unique security enterprise called The Training Company, it all relates back to social engineering. “Way back in 1988, I was a part of an internal security team for a large corporation,” he said. “During that time, a certain cracker group began targeting corporate victims by calling their front desks and using social engineering to gain proprietary information, including passwords. I'll never forget what I heard one experienced cracker say to a cracker-in-training: