The fact is that the biggest security threat to an organization is there users. In a 2006 survey called Information Security Breaches they found that 32% of Information Security attacks originated from internal employees while 28% came from ex-employees and partners.
Experts in Europe and the US estimate that over 50% of breaches result from employees misusing access privileges, whether maliciously, unwittingly or unknowing. So securing the enterprise isn’t just about stopping external threats. It’s just as important to contain the threat from hapless, hazardous or naive employees.
One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved application on the network. The situation isn’t helped by the myths that surround spyware.
Keven Mitnick has made a career out of educating people and users on social engineering. Mitnick has said on many occasions that people are to willing to help others by giving out information. As long as a user knows the lingo they get the information. Verification of identity is so import for protecting your company.