A story here proposes, largely jokingly, the idea of adding “Homo sapiens” to a widely-recognized list of the most significant vulnerabilities impacting computers and the networks which connect them.
Even though this is a joke, I wonder if a certain value might not be had by listing it in this fashion, on a widely used and well-known list like that one. As we've talked about here before, the human factor is already one of the weakest links in the security chain, and as computing becomes more and more ubiquitous, the risk is just going to increase.
Although most company policies have a basic nod to this area, is it time to revamp these policies, paying specific attention to the risks associated with social engineering, and increase the training around these issues? I think it is, and I think that listing it in the SANS Top 20 list is actually quite appropriate, and no laughing matter.
Thanks to the DC303 list for calling my attention to this.