Japanese welfare minister Yasuhisa Shiozaki, complaining about the handling of personal information by the operator of Japan's public pension system, which is at the heart of a cyberattack-caused data breach incident. (Jiji Press)
© Japan TodayVoices
in
Japan
quote of the day
It's surprising that the staff members weren't even following such a basic rule as not opening e-mail file attachments.
©2024 GPlusMedia Inc.
8 Comments
Login to comment
nath
Most people don't open them, but you only need one idiot.
I bet most of the compromises came from people cruising the net and clicking on ads.
gaijinfo
I heard the entire thing came from one idiot opening one attachment.
Some half asleep government worker so zombied out he / she didn't know what they were doing.
nath
Well, no, it's not surprising. That's the whole problem.
coskuri
Only idle people never need to open mail attachments. For about 2 decades, there have existed tools to check any mail or downloaded stuff before opening. Don't blame the staff that is just using the system if the organisation/company is too cheap to instal and keep up to date all the necessary anti-virus, firewalls, etc.
One to break it all ? Then that means your product/project/activity didn't pass the chicken test. There is no doubt that they have a large stock of them (idiots) at the head of that administration. They already lost millions of files a few years ago.
Novenachama
While everyone makes mistakes and it allows individuals to learn and grow from, you can't repeat a mistake like this one. Unfortunately the cost of this mistake is overwhelming and will prove to be very costly. They need to look into their training program and other weaknesses in their system thereby preventing future costly mistakes.
turbotsat
Why do web-exposed machines need access to pension data? Wouldn't dedicated terminals be better?
Were they using Outlook for their email client?
Frungy
Exactly my thought. If the system was properly set up and maintained you'd need to:
A. Have an incompetent sysadmin who didn't set up the automatic scan on all incoming emails correctly.
B. Have an insecure email client.
C. Open the attachment
D. Click away the warning from the anti-virus.
E. Over-ride the anti-virus as it detected and attempted to neutralise the virus.
Shiozaki is just trying to shift the blame for systematic and massive flaws in the system down to the lowest ranked workers. What a slime-bag! If they hired and paid a properly qualified sysadmin none of this could have happened.
gaijintraveller
A basic assumption when setting up computer security is that many users are idiots or, at least, not computer-savvy, and the system needs to be so secure that such people cannot break it. The blame for not being computer-savvy should not be placed on the users, but on the training, which may be considered too time-consuming and therefore too expensive and troublesome, and those in charge of setting up training.
Another wise assumption is that nothing that comes out of the U.S. is secure because there are built-in back doors for Homeland Security to use. If the key is left under the mat, the burglar can use it to get in.
The third assumption, to quote a friend who is a security expert, is that there is only one way to make a Windows computer completely secure: turn it off and pull the plug out of the wall.