As published in the March/April 2020 edition of InfoSecurity Professional Magazine
By Crystal Bedell
Humans have long been touted as the weakest link in security. But in many ways that axiom oversimplifies the issue of the human element and makes end users collectively the bad guy when, for the most part, they’re only trying to do their jobs.
Understanding why humans behave the way they do, and allowing them to inform a security strategy, can strengthen the human element so that people aren’t the weakest link but a helpful component of your security arsenal.
“We put people in front of computers, and we expect them to behave in specific ways that are in line with the functionality and operations of those systems, as well as our security requirements,” says Alex Blau, practicing behavioral scientist and vice president at ideas42, a nonprofit consultancy. “But oftentimes, people don’t behave the way security professionals would want them to, and that’s when they create vulnerabilities that allow attackers and entry points to exist.”
Understanding human nature
As any cybersecurity professional knows, you can’t apply technical controls to human behavior. By their nature, people are creative, emotional and often unpredictable. Those characteristics apply equally to end users as well as cyber criminals who leverage human behavior to advance their attacks.
“There only needs to be one way to breach your network, and it may be a human that creat ..
Support the originator by clicking the read the rest link below.
