Today, it has been reported that an employee of the US Geological Survey (USGS) viewing adult content at work has led to a government network being compromised by malware. Investigators have since found that the culprit had viewed over 9,000 sites at work.
IT security experts commented below.
Richard Walters, CTO at CensorNet:
“The lesson is that all organisations, government or not, cannot just assume their employees are operating appropriately online – they need to deploy solutions that monitor and control what employees are accessing on their work devices to reduce the risk of malware getting onto the corporate system. There is no way that this employee’s consumption of adult content should have only been identified retrospectively – if the USGS had taken the right measures they could have stopped this activity long before malware made it onto the network.”
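The point Walters makes is that category hits should trip an alert while they are happening, not surface months later in an audit. The following script is an added example (it is not from the article and has nothing to do with CensorNet's product): it walks a web-proxy log, counts each user's requests to blocked categories, records the requests the proxy let through anyway (a policy gap), and notes the moment a user crosses a per-user threshold. The log layout (`timestamp user category action url`), the category names, the threshold and the log lines themselves are constructed for the example.

```python
"""Policy check over web-proxy logs: flag blocked-category requests that were
still allowed, and alert the moment a user crosses a threshold instead of
discovering the activity retrospectively."""
import re
from collections import Counter

# Constructed sample proxy log lines for this example (not from the article).
# Assumed field layout: timestamp user category action url
SAMPLE_LOG = """\
2018-10-17T09:01:12Z jdoe news allow http://example-news.test/story
2018-10-17T09:02:40Z jdoe adult allow http://not-work-safe.test/a
2018-10-17T09:03:05Z jdoe adult allow http://not-work-safe.test/b
2018-10-17T09:03:50Z jdoe adult allow http://not-work-safe.test/c
2018-10-17T09:04:10Z asmith adult block http://not-work-safe.test/d
2018-10-17T09:05:30Z asmith webmail allow http://mail.example.test/inbox
2018-10-17T09:06:00Z jdoe malware allow http://dropper.example.test/x.exe
this line is malformed and should be skipped
"""

# Categories the acceptable-use policy forbids (assumed names).
BLOCKED_CATEGORIES = frozenset({"adult", "malware", "phishing"})
ALERT_THRESHOLD = 3  # blocked-category hits per user before an alert (assumed)

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<category>\S+)\s+"
    r"(?P<action>allow|block)\s+(?P<url>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(log_text, blocked=BLOCKED_CATEGORIES, threshold=ALERT_THRESHOLD):
    """Walk the log once and return:
    - hits: per-user count of requests to blocked categories (allowed or blocked)
    - policy_gaps: requests to a blocked category that the proxy still allowed
    - alerts: users who reached the threshold, with the timestamp of the request
      that tipped them over (when a real-time alert would have fired)
    """
    hits = Counter()
    policy_gaps = []
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["category"] not in blocked:
            continue  # malformed line or a category the policy allows
        hits[rec["user"]] += 1
        if rec["action"] == "allow":
            policy_gaps.append((rec["ts"], rec["user"], rec["category"], rec["url"]))
        if hits[rec["user"]] == threshold and rec["user"] not in alerts:
            alerts[rec["user"]] = rec["ts"]
    return {"hits": dict(hits), "policy_gaps": policy_gaps, "alerts": alerts}


if __name__ == "__main__":
    result = evaluate(SAMPLE_LOG)
    for user, ts in result["alerts"].items():
        print(f"ALERT {ts}: {user} reached {ALERT_THRESHOLD} blocked-category requests")
    for ts, user, cat, url in result["policy_gaps"]:
        print(f"GAP   {ts}: {user} was allowed {cat} -> {url}")
```

Two things the output makes visible that a raw count does not: the `policy_gaps` list shows where the filter is classifying correctly but not enforcing (every `allow` on a blocked category is a configuration problem, not a user problem), and the alert timestamp shows how early the activity could have been acted on if the check ran as the log was written rather than during an investigation.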
Fraser Kyne, EMEA CTO at Bromium:
“Ultimately, this highlights that users are still the weakest link and can sometimes make stupid decisions. Threats can come from anywhere, from dodgy websites to unknown email attachments and downloads. At the moment hackers need to only get it right once, because there will always be someone that will visit the wrong site or click on the wrong link. No amount of blacklisting (or HR chats) will change this, and it’s time to stop putting the burden of security on employees, because it is not their job to be the last line of defence. To do this, federal agencies should adopt layered cybersecurity defences that incorporate virtualisation-based application isolation, which allows users to open web pages, emails and documents in isolation from the host PC and network. This leaves hackers with nowhere to go and nothing to steal, allowing employees to get on with their job.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.