Human Error Is Greatest Security Risk
from the no-surprise-there dept
For all the talk about "trustworthy computing" and how buggy software is a big "cybersecurity" risk, it turns out (and, no, this shouldn't surprise you), that the biggest security risk remains human error - and not security holes in software. People simply configure things wrong and leave security wide open all the time. While there's nothing wrong with promoting better software, it might be more productive to better train IT workers in properly securing systems.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Astonishing
[ link to this | view in chronology ]
Re: Astonishing
Excellent point. I should have noticed that...
[ link to this | view in chronology ]
hmmmm, then why is it that..
Sounds like someone wants more money. In an economy that's hurting and lacking job I can see where certifying agents would be "alarmed", their life's bread is dwindling.
[ link to this | view in chronology ]
Bull!?!
Yes, stupid mistakes by administrators setting up computers do happen, and sometimes they mess the machine up enough that an attacker can access their system... I've been on many an assessment where we busted root in a server because the administrator did the wrong thing, and many a DefCon CTF where the same occurred, but to find these vulnerabilities takes an attacker of far more caliber than your normal script kiddies who pound Unix boxes with Windows exploits.
And besides, education trumps these types of errors, but looking at Microsoft for experience, very little is accomplished when you try to teach programmers to do the right thing, but don't have any real code review process in place. I'd take computers with OpenBSD on them, administered by clueless newbies over Windows boxen administered by the best of the best any day.
Then again, I have the best of the best running OpenBSD....
[ link to this | view in chronology ]