This past Thursday, we delivered four WebEx briefs on the topic of SQL injection. We decomposed the ASPROX/DANMEC code and discussed its impact and how to prevent being compromised by SQL injection bugs. Props to Chad, Sean, and John for asking great questions and keeping it real.
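To make the bug class concrete, here is a small added example of the injection pattern the briefs were about, written for this page and not taken from the briefs or from the ASPROX/DANMEC code. It uses Python's built-in sqlite3 module with a constructed in-memory users table (the table, names, and payloads are all assumptions for the demonstration). The vulnerable function splices user input into the SQL text; the safe function hands the same input to the driver as a bound parameter, which is the fix the briefs recommended.

```python
import sqlite3

# Constructed sample data for the demonstration; not data from the original post.
SAMPLE_USERS = [
    ("alice", "alice@example.org"),
    ("bob", "bob@example.org"),
    ("carol", "carol@example.org"),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Injectable lookup: the input is concatenated into the SQL text, so a
    quote character in the input changes the structure of the query."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized lookup: the driver sends the value separately from the
    SQL text, so the input is only ever compared as data, never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups against a benign name and two classic payloads and
    return the rows each one produced."""
    conn = make_db()
    # Tautology payload: turns the WHERE clause into "name = '' OR '1'='1'".
    tautology = "' OR '1'='1"
    # Comment payload: closes the string and comments out the trailing quote.
    comment = "alice' --"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_tautology": lookup_vulnerable(conn, tautology),
        "vulnerable_comment": lookup_vulnerable(conn, comment),
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_tautology": lookup_safe(conn, tautology),
        "safe_comment": lookup_safe(conn, comment),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The tautology payload makes the concatenated query return every row, and the comment payload matches alice while discarding the rest of the statement; the parameterized version returns nothing for either, because the whole payload is compared literally against the name column. The same split applies to any driver that supports bound parameters, which is why prepared statements, not input filtering, are the primary defense.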
We had a large audience. Telecom companies, large public and small private universities, state agencies, service providers, online banks, and hospitals. It's great to see this level of interest from such a broad range of markets. You folks are on the front line -- stay focused, know your weaknesses, manage them, and keep working with management to get approval for smart security improvements.
In closing...protecting the confidential information that's been entrusted to you requires a personal commitment and a "not on my watch" attitude. But you cannot do this alone. Decide to be the security evangelist for your company. Patiently and sensibly spread the "good news", then watch what happens as people within your company suddenly "get it." You won't necessarily grow your security team, but you will add more "human firewalls" across your organization. This can make the difference between "Big deal! I'm just surfing the web at lunch! What's the harm?!?" and "My careless web surfing could cause a massive data breach! That's a big deal!"
When prevention fails (and it will!), how will you detect it? Often it's layer 8, the human element, that must stand in the gap. Awareness is critical. Please take this call personally, before someone steals what's been entrusted to you (PHI, credit card data, etc.) and uses it personally.
Si