Poor cyber hygiene - not zero days - to blame for high-profile intrusions, says NSA
The spate of cyberattacks recently against U.S. targets including political groups, government agencies, news organizations, and think tanks has renewed cybersecurity concerns among candidates and security researchers.
One could be forgiven for concluding that there is no way to defend oneself in the face of sophisticated attacks by nation-state hackers bearing zero day exploits.
However, there's no need to blame zero days, a National Security Agency (NSA) official said Thursday. The targets have provided attackers with a wide enough vector through poor cyber hygiene.
The agency has for the past two years been involved in incident response efforts involving “all the high-profile incidents you've read about in the Washington Post and New York Times,” NSA deputy national manager of security systems Curtis Dukes said at a cybersecurity summit, according to FedScoop.All of these attacks were conducted using simple methods, including spear phishing schemes or USB drive delivery, not through zero days, said Dukes.