Why people are not the problem in security and where to look (hint: grab a mirror)

Do not put your faith in what statistics say until you have carefully considered what they do not say.  ~William W. Watt Over the last few years, a series of reports, studies, and endless articles suggest the biggest challenge in security is people. Whether external attackers taking advantage of individuals, insider mistakes or even insider espionage, the overly simple and false conclusion is that we face a "people problem." Convenient, but not true. Except, of course, when it happens to be true (which isn't often). Enter the Human Paradox Early into the research and development of  Into the Breach, I realized that a security breach (regardless of the definition) is only a symptom. As a result, a focus on preventing security breaches creates a losing situation … [Read more...]