Insights/Case studies/Newsroom/CareersCareersCareersPartnersConsultantsTechnology innovationCorporateEarly careersSearch Jobs/About us/Contact us Global locations

  • Phone
  • Contact us
  • Locations
  • Search
  • Menu


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Email this article
View or print a PDF of this page

"In IT security, people are always the weak link."




CNI: employers, not hackers, are the real risk

Stephen Pritchard

IT Pro

20 September 2012


PA’s Bill Windle, a security expert, is quoted in an IT Pro article on cyber security. Bill talks about security threats and how carelessness, not conspiracy, could prove the greatest threat to national infrastructure. The Centre for Protection of National Infrastructure and PA Consulting Group have recently published the Holistic Management of Employee Risk (HoMER) guidelines, to enable companies to understand this risk and establish procedures for prevention and protection.

In the article Bill, one of the co-authors of the HoMER guidelines, talks about the impact a cyber-attack can have on a city. Bill refers to a recent US study that suggests big cities would start to lose vital services just a day and a half after a power outage, as equipment for pumping water or sewage stop working. 

A cyber-attack, though, is not the only way critical infrastructure might fail. Bill points out that sometimes problems are caused not so much by bad people, but by good people trying to cut corners or make honest mistakes. There is also the danger, he says, that some employees will engage in ‘counterproductive behaviour’ if they think no-one is watching.

Bill goes on to say: “In IT security, people are always the weak link. If you look at Stuxnet, that was an advanced technical attack, but it was also designed to spread via USB. There will always be attempts to exploit social engineering or human actors."

You can read the article in full here.

For our thinking and insights on tackling the challenges of cyber security, click here.  For more information on PA’s expertise on cyber security, contact us now.

Corporate headquarters
10 Bressenden Place
London SW1E 5DN London SW1E 5DN
United Kingdom
Tel: +44 20 7333 5865 Tel: +44 20 7333 5865
contact us now


Sign-up to receive company updates and press releases by email or newsfeed:



By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.