Regarding the human factor as the weakest link in the security chain is an idea as old as it is true, and the fact itself is as undeniable as it is devastating. That is what the reality embodied in the examples in today's edition of our "Newsletter" teaches us. (Naturally, I am aware that endorsing the above statements, here and now, brings nothing new, except that it never hurts to remember them. In that sense, no effort is too much!)
Speaking of awareness, you realize very quickly that computing is a socio-technical discipline; even when, still very young - of course, I speak of my generation; our children are born with all kinds of programmable devices under their arms - one has (had) one's first contact with computer programming. In those days, it took you little time to make your own the phrase (and, if not, there was always someone close to you saying it) "No, it's not that the computer has malfunctioned. It has worked to perfection and has calculated what you asked. What’s wrong is the program, the instructions you have given it". This same idea was the one that Josu Franco, Vice President, Corporate Development, at Panda Security, reminded us of a few weeks ago when, at a round table, he was asked the following: "Mr. Franco, then, do you believe that software quality (or rather, lack thereof) is the most decisive factor when it comes to cybersecurity?". Mr. Franco’s answer could not have been clearer: "No, I think that what is really crucial is the person (or persons) who has been following the creation [design-build-test] of that code of questionable quality".
But, of course, human intervention is clear not only in the creation of software intended for information or control systems - at least, that has mainly been the case until now. What about its use, the use and operation of such systems? In that sense, the opinion of those in charge of cybersecurity is daunting: they point to common behavior as the main threat to the systems they guard.
At the same time, it is not all negligence. Although we are willing to do the right things right, we have to realize that sometimes we are simply deceived. If in doubt, consider the opinion of the "DEF CON’s deadliest social engineer", the young mathematician and professor Lillian Ablon, who was the first woman to "capture the flag" at the famous hacking conference’s social engineering competition.
Social engineering that materializes, most of the time, via "phishing", in its different and threatening variants. Ask FACC or the US Coast Guard!
Explore these and other topics in depth in our weekly "Newsletter". Subscribe here and enjoy reading!