Fool Me Once, Shame on You

March 30, 2017 | Javvad Malik

April 1st, the day of pranks and attempts to fool friends, family, and co-workers, is coming up this Saturday.

This recently happened to the office of one of our VPs, and it wasn’t even April Fool’s Day. So, stay on your toes, people!

Given the right circumstances, most people can be fooled easily with tried and tested pranks that have been repeated and perfected over the years, like swapping out salt for sugar, or applying a liberal dose of Vaseline to a door knob.

Making the same mistakes repeatedly, or falling for the same pranks, will make for a good laugh amongst friends, but in a business context, the impact can be more far-reaching and harmful.

Let's look at five of the most common issues that crop up repeatedly for businesses:

  • Injection flaws: Injection flaws such as SQL injection and cross-site scripting (XSS) are well-documented and have existed in applications for many years. However, they are still frequently found in production systems, time and time again, despite being widely publicised and relatively straightforward to find and address.

Suggested April Fool’s prank: Developers that repeatedly push out insecure applications need to have scented air fresheners hidden all over their office!

  • Legacy systems: Running legacy systems is sometimes required. It's not easy to replace old architecture, but when it begins to undermine the security of systems and limit the controls that can be put in place, such legacy systems become liabilities. After all, you can only run your core business functions on Windows XP for so long.

Suggested April Fool’s prank: For those who procrastinate too long, place a balloon over their car exhaust so it will pop when they start their car.

  • Phishing: One of the most prevalent and common techniques attackers use to access systems and defraud companies is phishing. Most people have either been the victim of a phishing scam, know someone who has been a victim, or at the very least have heard about the dangers of phishing.

Some modern techniques appear very convincing, so users are not entirely to blame, but a bit of extra vigilance can never hurt. In addition, it does appear that phishing crooks can fool some of the people quite often.

Suggested April Fool’s prank: For those who are slow to learn, hard boil all the eggs in a carton and place them back in the fridge.

  • Passwords: Much like politics and religion, passwords are a touchy subject. However, password re-use remains a large problem, allowing criminals to use data from one breach to access accounts on different sites. This indeed is one of the oldest tricks in the book to fall for.

Suggested April Fool’s prank: The only way to deal with a chronic password re-user is to fill their hair-dryer with baby powder.

  • It's not a matter of if... Being attacked and even breached is no longer reserved for the largest of companies. Companies of all sizes have data that can become a target. Despite this fact, we see far too many companies that are ill-equipped to detect or respond to an attack. Trying to formulate a response plan once an attack is underway is akin to trying to change a flat tire while driving down the motorway – it won't end well.

Suggested April Fool’s prank: To help develop on-the-fly response skills, replace Oreo cream-filling with toothpaste and offer one to someone.

Conclusion

This April Fool’s Day would be a great opportunity to reach out to employees to remind them to be vigilant and stay on their toes! Employees that are trained to be more careful when it comes to spotting common scams will help reduce the number of incidents, making your life happier and reducing your stress.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. He is an active blogger, event speaker and industry commentator, possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.