The user is the weakest link. Really? Part 1


At the recent NCSC One cybersecurity conference in The Hague it was on the big screen again: “people are the weakest link”! It appeared that especially users are fools who click on any link they can get their mouse on, connect their devices with any open wifi and in general don’t understand the slightest bit (or byte) about the delicate digital world. They make that world an unsafe place, with their curiosity, greed, lack of knowledge and laziness. Hey, even hackers use bad passwords!
 
Having worked in information security for quite a while, I tended to agree with the statement, but with a certain amount of uncertainty. Why are there so many other drivers for vulnerability in cybersecurity? Think of the many structural weaknesses in all layers of ICT and the increasing complexity of individual ICT components and ICT environments as a whole! Who is to say what is the weakest link of them all? And more problematic: if users are indeed the weakest link – and we have been saying that for quite a while – why haven’t we found a way to deal with that? People still are curious, greedy, unknowing and lazy. Ok, sometimes…
 
A thought then struck me and it stayed with me: users are people. People have evolved only slightly over the last seventy years. ICT on the other hand has evolved tremendously in this period! Could it be that we – especially the ICT industry – have developed all kinds of technology that do not go well with known vulnerable human behaviour?
 
It would be interesting to see how we could make the use of ICT more secure by following the course of action of ordinary users. What would Pete or Maria do? Click on the hyperlink in the email message that interests them? Sounds pretty normal, but we don’t want Pete (nor Maria) to wander into a Watering Hole or drive-by-download website and infect our network. Can we prevent them from clicking? No, most probably not. People just do that, even security-savvy people. So the only real solution seems to be to eliminate the possibility that a normal activity like clicking on a link causes danger for the user’s system or anyone else’s. This is probably a technological intervention.
 
Easily said of course, but that really is a big one… Seen in its full extent, that would imply cleaning up whole stacks of ICT, not just blocking JavaScript or patching every week. That is a (too) huge challenge, as there is so much to fix, from not-exactly-100%-secure Internet protocols to information-leaking apps. Apparently it is in the design, development and maintenance of ICT that things can be done better.
 
That brings up a second thought: does this mean that we ICT (security) professionals are the real weakest link??
 
More on how to use user behaviour in a more positive way in the next blog!
