Chapter 2

The Weak Link in the Business Security Chain

Gavin Watson, Senior Security Engineer, RandomStorm Limited

Companies still invest more money in defense technology than in developing personnel awareness training and hardened policies and procedures. This chapter explains why this approach is taken, why it isn’t effective, and just how vulnerable companies actually are.

Keywords

Data classification; customer service mentality; weak awareness and training; weak policies; weak procedures; the weakest link

Information in this chapter

• Why personnel are the weakest link

• Secure data with vulnerable users

• The problem with privileges

• Data classifications and need to know

• Security, ...
