Page 66 - Cyber Defense Magazine for August 2020
P. 66
executives is that security is a necessary evil because it is very difficult to measure budget performance
and protection outcomes.
Lack of cyber security ‘common sense’
We often hear that ‘humans are the weak link in cyber security’ – usually meaning that they do ‘stupid
things’ that unintentionally help hackers. Security controls (e.g. people, process, technology) exist to
control security outcomes. They are largely intended to control humans from doing something or having
access to something. When we blame humans as the weakest link, we are simply pointing out that
controls do not effectively control desired security outcomes. Largely, the people to blame here are not
the ‘general workforce and public’ but the security practitioners whose job it is to produce controlled and
expected outcomes. And for the challenges of effectively calibrating, gaining access to, and leveraging
required skills, they are often the victims of their own vicious cycle.
Programmatic and control cyber security performance is challenged because humans are the weakest
link, just not in the way that cyber security experts are pointing their fingers.
About the Author
Douglas Ferguson, a security professional of over
20 years, is the Founder and CTO of Pharos
Security. Pharos specializes in aligning security
goals and strategy to the business and a calibrated
risk appetite, ensuring an integrated business plan
and optimized operations build that to plan and on
budget.
Prior to Pharos, Ferguson was with Barclays Bank in London, where he was responsible for numerous
security programs and initiatives across more than 40 countries. Previously, Ferguson was a Managing
Consultant and researcher on the acclaimed X-Force at Internet Security Systems. He delivered security
services to more than 200 clients globally and was a co-creator of the breakthrough System Scanner
technology. Douglas can be reached online at [email protected] and the Pharos website:
https://pharossecurity.com/
Cyber Defense eMagazine – August 2020 Edition 66
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.