Considering the human factor as the weakest link in the security chain is as old as true. And the very fact, as undeniable as devastating. So teaches us the reality embodied in the examples brought by today's edition of our "Newsletter". (Naturally, I am conscious that subscribing the above statements, here and now, brings nothing new, except that it never hurts to remember it. In that sense, everything is small!).
Speaking of conscience, that computing is a socio-technical discipline is something you become aware of very quickly; even when, still very young -of course, I speak of my generation; our children are born with all kinds of programmable devices under the arm- one takes (took) the first contact with computer programming. In those days, it took you few time to make yours the phrase (and, if not, there was always someone close to you saying it) "No, it's not that the computer has malfunctioned. It's done to perfection and has calculated what you asked. What’s wrong is the program, the instructions you have given him". This same idea was the one that Josu Franco, Vice President, Corporate Development, at Panda Security, reminded us a few weeks ago when at a round table he was questioned as follows: "Mr. Franco, then, do you believe that software quality (or rather, lack thereof) is the most decisive factor when it comes to cybersecurity?". Mr. Franco’s answer could not be clearer: "No, I think that what is really crucial is the person (or persons) who has been following the creation [design-build-test] of that code of questionable quality".
But, of course, not only in the creation of software intended for information or control systems there is a clear human intervention -at least, so it has been until now mainly-: What about its use; the use and operation of such systems? In that sense, the opinion of those in charge of cybersecurity is daunting, when they point to the mainstream behavior as the main threat to the systems they guard.
At the same time, it is not all negligence. Although it is in our willingness to do the right things right, we have to realize that sometimes simply we are deceived. If in doubt, know the opinion of the "DEF CON’s deadliest social engineer", young mathematician and professor Lillian Ablon, who was the first woman to "capture the flag" at the famous hacking conference’s social engineering competition.
A social engineering that materializes, most of the times, via "phishing", in its different and threatening variants. Ask FACC or the US Coast Guard!
Deepen these and other topics in our weekly "Newsletter". Subscribe here and enjoy reading!