#1. The User
It shouldn’t be too surprising to anyone following security trends to hear that the human user is nearly always the weakest link in a security strategy. In our work as a Security Assessment group, we’ve certainly found it to be true. And we’re not talking about disgruntled or malicious internal users who have decided to do some damage. It happens, but this isn’t the main concern.
No, the fact is that each user is a constant potential breach – not because of their intent, but because of their lack of education. More and more, users are placing growing trust in advancing security technology. And this is largely because their administrators do the same.
If security is only taken seriously on the software level, breaches are going to happen.
In working to gain access to large networks, malicious outsiders will expect strong fortifications. Attacking head on is hit or miss, so hackers will try to weasel their way into getting someone to unwittingly open the door for them. Users' passwords can be guessed based on the information they have put up on social media sites. Malicious emails get by users every day, since they trust that the company spam filters are sure to weed out anything damaging.
In addition, as businesses employ more mobile devices, a goldmine of information becomes potentially available to an attacker. Users have not yet learned to be paranoid or even cautious with regard to how they use their mobile devices. Joining a compromised network, viewing questionable emails and other easy mistakes can give outsiders a quick foothold in your network.
You can’t just put the security responsibility on the IT administrator. Formidable security can only come from the top down, as established policy laid out clearly for all employees. No amount of fancy technology will do you any good without an internal foundation to support it. Informed security guidelines need to be set on the executive level and subsequently enforced at all lower levels.
Essentially, you should be relying on your IT staff and your technology to back up your powerful security culture.