Friday, December 16, 2011

Study: Hackers and IT pros share personal information online

A recent study found that tech-savvy people disclose sensitive information to strangers they meet online, even though they should know better and found that Hackers apparently can be just as careless as their victims.

This study focuses on the phenomenon of disclosing private information to online friends who appear to be sharing your interests.  The sample consisted of 100 persons, half of them working in the IT security industry (chosen from a professional network), while the other half dwelt on 'the other side of the fence' - the hacker’s clique (selected from specialized forums for 'bad guys').

Two experimental profiles were created, using the same information (age, sex, interests), but different jobs - corresponding to those of the respondents. After being contacted, the participants were interviewed in order to determine what kind of information they would be willing to disclose to a person working in the same industry, but still unknown to them.

The results suggest that, no matter what side of the fence they are on, people will behave the same: as though the virtual environment creates a second life, entirely different from the real one - they are willing not only to accept unknown persons inside their group just based on a nice profile, but also to reveal sensitive information (about their company, themselves and other persons) after a short online conversation.  This applies to both categories of respondents even though they are aware of the risks such information disclosure would pose in real life.

Well I guess you just cannot trust anyone anymore.  Perhaps with all the social media forums available today we are trying to connect more in an impersonal world.  We should be connected more, we should have a greater sense of community.  What seems to be happening is that we are becoming more and more disconnected, like islands.

Was the appeal of the “Tests” were really people wanting to be connected?  Offer what people seem to want and need and you can get just about anything you want.  Kind of reminds me of some stereotypical sales people that care more for the bottom line than the consumer.

Have we learned anything (yet)?  Well yes, if it is the fact that your private information, yours or someone you are responsible for, is a valuable commodity for the industry that deals with stolen identities and funds.  Yes, that we can all be fooled.  Yes, that we need to be more aware.  Yes, that we need to recognize there is no perfect solution that will protect us from ourselves.

What can we do?  First, think.  Second, before you reply to an invitation or anything online or even in person, think.  Third, hire experts to help you think, because it is a big bad world out there and we all need help. 

Sometimes it is hard to think outside of the box when you are in the box.  That is where Dolvin Consulting and Cyber Security Auditors & Administrators (CSA2) work best.  We work with your team to analyze your risk quotient and build a working Written Information Security Program (WISP) plan that addresses the volatile nature of information security.  Contact us today to see how we can help you sleep better at night.

No comments:

Post a Comment