Yes, we are getting incrementally better at SQL injection but not by much.
Yes, IT security focus is now in the forefront of businesses that stand to lose proprietary data, sensitive data, customer data and trade secrets.
But a long time before the Sony debacle, came the classic con game. Social engineering is nothing more than that. Ok, with a little modern technology but its about trickery. A recent video I posted shows this. Some people seem to have a double dose of an inoculation to what at a minimum are cautionary tales. From all angles they appear immune to the news, events and what is actually happening this week, this month.
Should we not keep up to date with cautionary news reports?
What is the answer, you might be asking, if you are in charge of valuable things within your company, corporation or government?
That is the cement foundation for security.
Sure, pay a company to evaluate your security – you should. But why not start early and put each employee through a rigorous IT security and social engineering training.
My friends at http://www.aspectsecurity.com (I have no affiliation to them other than that we have both spoken at an IT summit) provide online video training that is essential to businesses that – how can I put this – do not want to spend a lot of money creating something just to give it away for free.
Invest. In. Security.