Back to Basics: Cybersecurity’s Weakest Link

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you’re often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.

It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do.

But is it a silver bullet for all your cybersecurity problems? No. There’s no easy, technology-driven fix for what is really cybersecurity’s biggest challenge: the actions of human beings.

It doesn’t matter how state-of-the-art your best defenses are. Perimeter firewalls, multi-tiered logins, multi-factor authentication, AI tools – all of these are easily rendered ineffective when Bob from a nondescript department clicks on a phishing link in an email.

This isn’t news to anyone

We’ve all heard this before. The fact that humans are a key flaw in cybersecurity strategy is hardly news – or, at least, it shouldn’t be news. But just ask Uber or Rockstar Games whether they thought that their systems were safe from social engineering.

Both companies were very recently breached because a hacker tricked an employee into doing something so against every security best practice that you wonder if the person who got tricked has ever heard any news about IT security.

You might even wonder whether that employee had any cybersecurity training whatsoever.