Isaac's Blog: Welcome to the Future: Blaming users for security incidents is counterproductive

Monday, November 10, 2014

Blaming users for security incidents is counterproductive

The Associated Press has done some important research into the cause of cybersecurity incidents in the federal government. Unfortunately, they come to the wrong conclusion. They document the huge rise in security incidents, and then add:

"And [federal] employees are to blame for at least half of the problems."

Specifically, not because the employees are the hackers, but because

"They have clicked links in bogus phishing emails, opened malware-laden websites and been tricked by scammers into sharing information."

This is counterproductive. It blames end users for problems that the security community should be taking accountability for.

No comments:

Post a Comment

About Isaac

I'm the CEO of Tozny, an innovative security and privacy company building easy to use products. Previously, I was the Principal Investigator for Assured Information Sharing at Galois.

Cryptography: One of my focus areas is in the correct use of cryptographic protocols and algorithms and I sometimes perform security analyses of innovative products.

Android: I occasionally write software for Android. My work in this area includes a simple guided meditation program as well as encryption and password storage app, in collaboration with the OpenIntents project.

Other Software: I'm have previously authored or maintained several software packages: The Haskell Cabal, a Haskell filesystem called Halfs. I also contributed some of the original code for Debian's apt-get cryptographic signature checking.

Social Software:I'm on Twitter as well as LinkedIn. For professional relationships, please find me there. Personal friends can find me on Facebook.

Non-Geek: I really enjoy road bike racing, rock climbing, hiking, reading good books, drinking coffee, and the awesomeness of Portland, Oregon :)