When examining breaches, we can almost always point to users practicing poor security — how can we change this?
Put simply, most people believe that the weakest link in the security supply chain is the user. This attitude has become so widely accepted that it's almost set in stone. It is justified by the inherent unpredictability of humans; the knowledge that a security hole in any application or codebase is fully discoverable and fixable; and the difference between ‘machine’ error and human error. Human error is inherently random; a lapse in attention or judgement can occur at any time, often with seemingly no context to prompt it.
We never really question the idea that the user is the weakest link, but is it fair to stigmatize the user and consign them so unambiguously to being their own worst enemy? We ought to examine whether this consensus is truly justified.
How users fail security
When users have their data compromised, it’s usually as a direct result of a failure or misstep on their own part. While a determined hacker targeting an individual will eventually be able to overcome any security precaution, most of us will never be so specifically targeted. Maintaining basic security hygiene and awareness would be enough for us to protect ourselves against almost all general online hazards. And yet, we continually find that loss of security, compromised accounts or stolen credentials can be traced back to a failure on the user’s part.
Password apathy
Good password hygiene remains one of the hardest practices to instill in users. Our passwords form the gatewa ..
Support the originator by clicking the read the rest link below.
