As an information security professional, I do my best to make things as secure yet user-friendly as possible. I would say the ultimate goal of security professionals should be to make the use of IT intrinsically secure: users should be protected against damage caused by loss of availability or abuse of IT systems. Simply put: IT should be idiot-proof when it comes to availability, integrity and confidentiality.
But boy, are we far from maturity. Today’s complexity still makes people use security as an excuse for all sorts of things. “I’ve been hacked” seems to be a popular statement by those trying to hide alleged criminal acts, which is wrong but understandable. It replaces something outright criminal with something less bad. The same goes for a more recent incident that drew a lot of attention. Again, a claim of being hacked to replace another action: human error.
I am sure criminals will continue to try, and prefer, to replace their criminal acts with claims of being hacked, even if that means pleading guilty to bad computer maintenance. But I hope we’ll soon reach a state where people will think twice before claiming ‘hacked’ when trying to replace human error. We should get rid of the idea that it is less bad to be hacked than to do stupid things on the Internet.