The Human Element of Security
By Keith Millett | Sep 09, 2014 | Blog
You’ve worked hard at your security infrastructure. Your valuable company data is comfortably barricaded behind ranks of firewalls, intrusion prevention systems, and content filters. You have redundancies on top of redundancies, and your creative use of technical safeguards and fail-safes would impress any of the three letter agencies. But then, just as you’re about to call your boss to brag about your ‘baby’ (and maybe request a well-deserved bump in pay), an IDS sensor goes off – someone is in your network! Baffled, you frantically search endless logs for the source of the intrusion, never realizing that you’ve overlooked one of the most critical elements of an effective security posture: the Human Element!
It’s easy to develop tunnel vision when designing and maintaining security infrastructure. Such a heavy focus is placed on the hardware appliances and software applications that keep attackers at bay that security training for users within an organization is almost entirely overlooked. While users are often the weakest point in a security infrastructure, they can also be its first (and best) line of defense. A poorly educated user may unknowingly grant network access to an attacker but, with proper education and training, that same user may notice a simple network anomaly that could help detect an ongoing attack. An educated user is less likely to see company security policies as unreasonable and unnecessary burdens that can be ignored and circumvented. An extremely strict password policy is useless if users just have their passwords written down on a sticky-note attached to their monitor!
Register today for our Spotlight IT Series, featuring Eric O’Neill. As cybercrime continues to evolve, cyber criminals become more creative, attack methods evolve in sophistication. This increases the pressure felt by business owners and IT professionals and reminds us all that remaining vigilant in protecting company data assets is critical. By developing robust practical controls and technical safeguards the burden on management and IT staff can be lifted and the likelihood of a breach thwarted. Focus on your defenses, not your responses!
Four Seasons Baltimore