It is easy to blame people for security incidents, and this happens a lot. I believe this is an area where the cyber security field still needs to mature, because simply saying it’s down to human error won’t get us anywhere.
Security risks in our organisation are usually risks we want to treat. To achieve this, security professionals turn to implementing so-called controls. This is a word loaded with promise. Of course we want control, especially with the growing amount of cyber uncertainty. But do the techniques we use for controlling risk necessarily result in actual control?
A favourite part of my work is talking with other people. There is so much insight to gain from actually getting to know other people face to face, especially when you work with security and IT and you start listening to what people are actually saying about it.
Anyone can relate to an e-mail they got that seemed a bit suspicious, or to seeing a Facebook campaign that seemed too good to be true. Security is not something special that matters only for a few people. According to a recent online survey of American adults, 39% said they would sacrifice sex for one year if it meant they never had to worry about being hacked.