Essay – Humans, the weakest link in the Information Security Chain Assignment

The greatest hacker and the pioneer of social engineering Kevin Mitnick Once said: “Companies spend millions of dollars on firewalls and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.” And he was not wrong about it, according to a study published on DataPrivacyMonitor in the year 2015 around 25% of the data breach was due to the Employee Action/Mistake. And is one of the serious problem where companies are not investing much. But with the rise in cyber crimes especially directed at big corporation. Companies have started to acknowledge the most threatening flaw in their systems, HUMANS and their impact in information systems. We will further discuss the impact with reference to recent cyber attacks, Remedies in depth in the following paragraphs.
There is no point in investing in the IT security infrastructure if there they are not used to their potential and are just a human away from being totally useless. As published by a Study by IBM 2016 Cyber Security Intelligence Index, IBM found 60% of all attacks were carried out because of mistakes of people working for the organization most cases it was found that the reason for cyber attacks being so successful, system administrators not configuring it right. Even letting the software is hardware use their default passwords. Machines can’t be broken are manipulated so easily, as being humans we can be easily influenced and manipulated. We humans are a more vulnerable link. We have automation but we are still dependent on humans, so now the problem arises as to how to make this vulnerable resource an asset. The most vital point to protect us is to be self-aware of the Human factor it’s capability and its flaws and then we can work on fixing the problem.
Now, as we have established the fact that the humans are flawed and be the reason of some serious damage to the organization. We shall invest and find ways to fix this. There are many ways by which we can fix this lets further discuss the most important five ways by which we can fix this. We must make them aware of critical they are to the organization. Typical employee cyber security making silly mistakes as using weak passwords, using software’s and applications which are not secure and mostly are not aware of potential threats and systems are not updated time to time. Some of these mistakes are done by an individual but the whole organization has to suffer the consequences. The best practices to prevent human errors and security mistakes is by creating an effective security policy and educating the employees about the risks that such mistakes pose to the security of an organization. This will make employees much more aware of potential security risks than their actions may pose, and will result, employees, being more careful. Applying the principle of least privilege when we are talking about accessing data, it not only secure but much more reliable to deny all access by default. And strictly following the only need to know principle. As well as compartmentation of information. This will prevent both accidental data leaks and data manipulation.


[2] [3]

Cover Picture Source:

Stay Insane

Written by JerkShakespear