HSNW conversation with Dr. Cedric Jeannot

Greatest cyber vulnerabilities are people, says cybersecurity expert

Published 19 October 2011

Dr. Cedric Jeannot, the founder and president of I Think Security, recently sat down with Eugene K. Chow, the executive editor of Homeland Security NewsWire, to discuss the latest rash of cyberattacks on companies, why hackers have been so successful, and the fallout from the RSA SecurID attacks.

 

Homeland Security NewsWire: In recent months, it seems like nearly every day a major corporation or government entity somewhere in the world gets hit by a cyberattack and loses sensitive data. In your opinion, what is the greatest security vulnerability that hackers exploit to obtain critical information?

Dr. Cedric Jeannot: The greatest vulnerabilities come from people. Most of the time the technology is actually pretty robust but people click on a link when they are not supposed to, choose a simple password, or write the password down on a piece of paper.  

The second greatest vulnerability exploited is websites and web content. Meaning XSS, MySQL and web servers, for example, all have vulnerabilities that are easily exploited by hackers to obtain critical information.

HSNW: As a follow up, what is the greatest challenge in securing data? That is to say, why does it seem as if companies and governments are failing to effectively defend themselves against hackers?

CJ: Digital content is arguably the most important asset of today’s companies, with attacks on this information coming from a wide range of people and groups. This sensitive data is taken and either re-sold or used strategically by other companies to save on R&D costs or to gain a competitive advantage in a respective marketplace.

In the news recently we have seen so many companies getting hacked because:

  1. The number of attacks is increasing
  2. Today’s computer systems are extremely complex and can be attacked in many ways
  3. Far too often proactive security is not considered enough by large organizations

For a long time, security has not been a priority because the return on investment was not clear. This has changed and companies are realizing that if they are hacked the consequences can be very serious and will negatively affect their business. Arguably, most companies should be spending more time and investing more on security. Having said this, even though most people acknowledge that security is important and needed, only a few companies actually implement comprehensive security policies and procedures.  

Finally, companies often think they know it all and are therefore not willing to update the way they secure their information – although they know it is not as secure as it could be – or even listen to the advice of experts in the field.

HSNW: The revelation that RSA’s network had been infiltrated and its SecurID tokens compromised caused a significant panic among businesses, government agencies, and defense contractors especially given