The Weakest Link in Any Security Strategy
The human factor will always be the weakest link in any security strategy. After so many years of security engagements, that is my conclusion. I’m not only including internal on-site assessments but external penetration tests and covert physical assessments too. Sure, covert physical assessments don’t happen as often, but I’ve completed enough to understand the power of social engineering.
You may be wondering, why is it so? I’m not a trained psychologist or sociologist, so please take this with a huge grain of salt. In fact you may totally disagree with me and that is fine. I will always defend your right to hold your own opinions
While reasons may vary, I believe I have a few valid ones:
- Most people are positive and believe in the goodness of others
- Convenience will always trump security
- Past experience
In general most people believe in the goodness of others and will make certain assumptions based on their own moral compass. Unfortunately, the reality is not quite this rosy. People’s moral compass varies as widely as anything else in life. With infinite choice, come infinite mistakes.
I’ve seen this time and time again, security policies will only apply as far as it doesn’t inconvenience us too much. This imaginary fine line between security and convenience is always a moving target. However, once the pain threshold associated with additional restrictions or security policies reaches a certain boiling point, we choose the path of least resistance. Even when that path brings more risk.
Our journey in life, brings many wonderful and not so wonderful experiences. That is how we learn. Until we experience something first hand, it is very hard for us to relate. This brings me to my last point, attitude. We believe bad things always happen to other people. We don’t believe for a minute, bad things will happen to us until they do. Then we are shocked, confused, angry and bewildered. But, at that point it’s too little too late.
How do we fix this? Have an open mind to new experiences, learn from other people’s mistakes and take to heart wisdom passed down from others, like experts in the field or someone that has experienced it first hand.
See ya out there.