Humans still the weak security link

By Damian Clarkson, ITWeb junior journalist

Johannesburg, 29 Mar 2005

Nine out of ten individuals leave themselves vulnerable to identity theft, a British survey has found.

The research, conducted for the 2005 Infosecurity Europe event, found that 92% of the respondents willingly parted with the personal information necessary for fraudsters to conduct phishing - identity theft - scams.

Humans have long been identified as the weak link in a security chain, but such high numbers are surprising, says Brett Myroff, CEO of local Sophos distributor Netxactics. "I think that`s quite a scary figure - it actually makes me go cold.

"With all the media hype around phishing, you would expect the rate to be lower. It is essentially like giving a stranger on the street your ID book or your bank PIN code, which is silly. You just wouldn`t do it.

"People are the weak link in security, and we need to start taking more responsibility for protecting personal information ourselves."

The scam

In a bid to highlight how easy it is for fraudsters to use social engineering to carry out identity theft, researchers approached 200 people on the streets of London, claiming they were conducting a study of theatre-going habits.

They added that participants in the survey would be entered into a draw for theatre ticket vouchers worth lb20 (R240).

To put the public at ease, they were asked seemingly innocent questions about their attitudes to going to the theatre, interspersed with questions aimed at obtaining the details needed to steal their identities, such as date of birth and mother`s maiden name.

More than 180 respondents willingly handed over the information, says Infosecurity Europe event director Claire Sellick.

Infosecurity Europe organisers destroyed all the information collected by the researchers.

Myroff says such a survey highlights the complacency in terms of identity theft. "People always assume it won`t happen to them, that it always happens to someone else. Phishing attacks are not massive yet locally, but it will be if proactive steps are not taken. This includes greater human awareness and improved security systems."