Reading Fox News earlier today, I could not help but draw parallels between the technical world and the physical world; there are so many of them. According to Fox, government employees are responsible for nearly half of the security breaches at government or military cyber sites.
Back in the sixties, a gentleman named Ishikawa in Japan championed the use of fishbone diagrams for solving quality control problems. If memory serves me, industries such as manufacturing had seven contributing factors to any problem, although I tend to remember the big four: people, process, technology and environment. It is often surprising to be reminded that no matter how much things change, they often remain the same.
If we apply people, process, technology and environment to managing cyber risk, we continue to neglect the weakest contributor of people. Billions are spent on technology. Even more is spent developing processes, frameworks and compliance models. And of course, we usually secure the environment as data centers are relatively secure areas in terms of physical access and have redundant power, and other elements needed for a secure and robust environment. Still, the good old human element gets us half the time.
This is really nothing new and we can draw parallels from the non technical world. For example, years ago, infection was widespread after surgery. Then, somewhere along the way we discovered sanitation and sterilized surgical instruments, thus reducing infection.
We also discovered that food can spoil and make us sick. So, we invented refrigeration to slow the spread of foodborne illness.
We also figured out how to stop the spread of STD’s as well as prevent unwanted pregnancies.
In all of the above advances, there was a procedural or technical solution to the problem. Yet, even today, all remain a problem; why? They remain a problem, because regardless of the solution to the problem, it is people who must follow the process. People must implement and correctly use the technology. Otherwise, we still have the problem.
Unwanted pregnancies and STD’s remain a problem because people fail to take proper precautions. Is suspect that cyber breaches will continue to remain a problem for years tp come for the same reason: people fail to take proper precautions.