Not that it ever let up, but we continue to see breaches, hacks, attacks and malware incidents being reported almost daily.  Botnets are abound and the targeted (adware, trojan, spyware, browser modifier) threat growth is on the up-climb.

Companies are challenged to keep their infrastructure safe and are deploying various technologies to thwart the threat.  The thing I find fascinating about some of the recent stories is that while some hackers are changing tactics, many of these incidents weren’t accomplished using any ‘advanced’ techniques to break in, they just exploited the human factor.

Human curiosity, willingness to help and general unawareness have helped the malware mania and with these visceral times, we don’t sometimes stop and think of the ramifications of our clicks.  I’m sure many of you have heard about Social Engineering, the USB Way story where a consultant ‘seeded’ loaded USB thumb drives in a bank parking lot and watched (with his eyes) as employees grabbed them and watched (via returned emails) as they started to plug them into corporate workstations.  The fake Obama website had a simple link with a eye catching headline: ‘Barack Obama Has Refused to Be President.’  ‘What?!?  No Way, I gotta read this story…’ Click - and the damage is done.  It has been reported that the Checkfree breach was possibly due to a phishing scheme and certain MITM (man-in-the-middle) attacks require the user to click thru the certificate warnings.

2009 is certain to bring new infections to devices, new techniques to slip through firewalls, new social media outbreaks and probably a few more big names in the headlines – and F5 has plenty of solutions to solve emerging threats - but I also think simple Social Engineering threats will have a huge impact this year.  There are many folks who might be anxious about their situation and when we’re under a lot of stress, we don’t always think clearly.  With all of the technological challenges facing IT departments this year, don’t forget about your users and how our brains work.  These threats, while simple, require new education and refresher training, both to protect your infrastructure and sometimes, us from ourselves.

ps