Human Error Is Greatest Security Risk

from the no-surprise-there dept

For all the talk about "trustworthy computing" and how buggy software is a big "cybersecurity" risk, it turns out (and, no, this shouldn't surprise you), that the biggest security risk remains human error - and not security holes in software. People simply configure things wrong and leave security wide open all the time. While there's nothing wrong with promoting better software, it might be more productive to better train IT workers in properly securing systems.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    imrdkl, 19 Mar 2003 @ 2:49am

    Astonishing

    A company which certifies IT workers says that not enough IT workers are certified.

    link to this | view in chronology ]

    • icon
      Mike (profile), 19 Mar 2003 @ 8:11am

      Re: Astonishing

      A company which certifies IT workers says that not enough IT workers are certified.

      Excellent point. I should have noticed that...

      link to this | view in chronology ]

  • identicon
    Talislantian, 19 Mar 2003 @ 8:09am

    hmmmm, then why is it that..

    I make, many, many less mistakes than all my certified friends... go figure... heh

    Sounds like someone wants more money. In an economy that's hurting and lacking job I can see where certifying agents would be "alarmed", their life's bread is dwindling.

    link to this | view in chronology ]

  • identicon
    LittleW0lf, 19 Mar 2003 @ 11:14am

    Bull!?!

    I'd agree if they were including stupid mistakes by programmers, but there is no way that a stupid mistake by administrators can cause more trouble than stupid mistakes by programmers. No way, I don't believe it, and a survey run by a certifier against those who went through their certification program isn't going to make me believe it any more than if Microsoft said that stupid mistakes by Unix administrators caused more problems than stupid mistakes by Windows administrators.

    Yes, stupid mistakes by administrators setting up computers do happen, and sometimes they mess the machine up enough that an attacker can access their system... I've been on many an assessment where we busted root in a server because the administrator did the wrong thing, and many a DefCon CTF where the same occurred, but to find these vulnerabilities takes an attacker of far more caliber than your normal script kiddies who pound Unix boxes with Windows exploits.

    And besides, education trumps these types of errors, but looking at Microsoft for experience, very little is accomplished when you try to teach programmers to do the right thing, but don't have any real code review process in place. I'd take computers with OpenBSD on them, administered by clueless newbies over Windows boxen administered by the best of the best any day.

    Then again, I have the best of the best running OpenBSD....

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.