Our Biggest Security Threat? It’s Not Who You Think

By Elevate posted 10-15-2014 06:00


As a Chief Information Security Officer, I get a lot of questions about cyber security threats and what worries me most. I field questions about Anonymous, geo-political hackers, cyber-extortionists, malware, and the like. The questions almost always begin with the assumption that the threat is some lurking, clandestine, malicious, highly devious person or organization intent on breaching our security. For most, the perceived threat is like the stuff of thrillers.

But actually, while you were brushing your teeth this morning, you probably saw the biggest threat staring at you in the mirror. That’s right, the biggest security threat is you. Criminals will often tell you that crimes are most often crimes of opportunity. Why break into a well-lit house with a full alarm system and locked doors and windows, when the house next door is left unlit, with no security system, and open ground-floor windows? Why make criminal activity hard when often it is so easy? So too with cyber crime.

Most cyber criminals want easy access. They want a password, network access, unsecured mobile devices. And sadly, too often, employees provide easy access – not willfully or as part of some nefarious crime ring – but simply out of failure to follow good security practices.

Getting employees to understand good security practices and, more importantly, how those practices apply to them personally, is a real challenge. Theoretical understanding and personal understanding are two different things.

Sadly, it often takes a security threat or breach to open our eyes to the importance of good security practices. But keeping that knowledge “top of mind” is an uphill battle. How many had an interest in passwords when the Heartbleed story broke? But a few months later, even though the media has reported many systems remain vulnerable to Heartbleed, the interest in passwords has waned again.

So let’s look at how we can make good security practices a part of our daily routine – like brushing our teeth. And let’s see champions of cyber security smiling back at us in the mirror each morning.

Share how you’ve raised personal understanding of cyber security practices in your company…

1 comment



10-15-2014 11:42


You're almost right. The biggest threat is often because of things employees do, but it's not because they "don't follow best security practices". It's because your company doesn't provide a secure environment for them to use. If it were really secure they could do their work without worrying. Most people aren't security experts, and no amount of "use 20 character passwords and change them every month" is going to fix that. Build your internal systems properly and quit blaming the users.