This post is in connection with Curly’s article; the original story can be found at the Chronicle.
An organisation may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business.
That organisation is still totally vulnerable.
Individuals may follow every best security practice recommended by the experts, slavishly install every recommended security product, and be thoroughly vigilant about proper system configuration and applying security patches.
Those individuals are still completely vulnerable.
In this security-conscious era we spend large amounts of money on technology to protect our computer networks. When will governments realise that the most unsecured part of a database is the users who are constantly interacting with the system? Security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naivete, or ignorance come into play. The world’s most respected scientist of the twentieth century, Albert Einstein, is quoted as saying, “Only two things are infinite, the universe and human stupidity, and I’m not sure about the former”.
Looking at the article from the Chronicle, the incident had nothing to do with ‘hacking’ into the council’s secure system or with poor technology being in place, but everything to do with human error. So when they use the word ‘breached’, they really mean they left the front door open to anybody passing.
Learn from your mistakes: a database is never going to be 100% secure, because the human factor is truly the weakest link. So wouldn’t it be recommended to train the users to a high standard above all else?
- Kyle
The above quote is from one of my favourite books, The Art of Deception by Kevin Mitnick (Amazon).





