If Yogi Berra or Jeff Multz said it, it's probably true no matter how outlandish it sounds. Multz, the director of North America Midmarket Sales for Dell SecureWorks who has a Bachelor of Science degree in Computer Science and has been working in IT for 28 years, may not be as famous as Yogi, but his quotes regarding information security are just as memorable.
Multz gives more than 200 public talks a year, and you never know what the impassioned speaker is going to say next when he opines on information security. He'll talk about "the care and feeding of tools," "stupid people tricks" and "smart people doing stupid things putting their business at risk."
"Stupid" might sound a little harsh, but when you look at what he's trying to say, he makes perfect sense. Malware is not the only problem organizations need to be concerned with. They need to be concerned with the people who work for them who do things they shouldn't be doing. For example, people may visit websites that are known for spreading malware. Or employees may receive emails from people who are phonies, people who aren't who they say they are such as a customer or fellow employee. The email receiver, who wouldn't know that the sender is not a legitimate prospect, customer or employee, clicks on the email links or attachments. Bullseye! The phony has just tricked the unsuspecting employee into clicking on a link or attachment that surreptitiously downloaded malware onto the computer.
You see, employees can get their work email accounts hacked. When that happens, an outsider can start sending out emails that actually come from the legitimate employee's email address. But the employee didn't send the email. A hacker did. And that email the phony just sent out could be affiliated with malware, which could infect the receiver's computer and in turn other employees' computers. So Multz is trying to caution people to be careful of the websites they visit and to be skeptical of all emails with attachments and links in them. So if an employee ever sends you an email that says, "Hey! Look at this great picture of my mama!" you should call the employee and say, "Hey, Dave, did you send me this picture of your mother?"
One of Multz's famous quotes has to do with "shelfware," a term he coined about security products that "sit on a shelf doing half a job at most." He says, "The key thing that is needed is people." In his 10 years at Dell SecureWorks, Multz has probably visited a thousand companies and often sees they have security products that purportedly protect companies from malware. But without people to manage and monitor products 24x7x365, the shelfware itself can't protect an organization. It's like having a top-of-the-line oven. It's great, but somebody better know how to cook.
Yogi always said, "It ain't over till it's over." With today's Advanced Persistent Threats, if you're not managing the security of your business, your game could be over way too soon.