"In IT security, people are always the weak link."
BILL WINDLE, PA SECURITY EXPERT
PA’s Bill Windle, a security expert, is quoted in an IT Pro article on cyber security. Bill talks about security threats and how carelessness, not conspiracy, could prove the greatest threat to national infrastructure. The Centre for Protection of National Infrastructure and PA Consulting Group have recently published the Holistic Management of Employee Risk (HoMER) guidelines, to enable companies to understand this risk and establish procedures for prevention and protection.
In the article, Bill, one of the co-authors of the HoMER guidelines, talks about the impact a cyber-attack can have on a city. Bill refers to a recent US study that suggests big cities would start to lose vital services just a day and a half after a power outage, as equipment for pumping water or sewage stops working.
A cyber-attack, though, is not the only way critical infrastructure might fail. Bill points out that sometimes problems are caused not so much by bad people as by good people cutting corners or making honest mistakes. There is also the danger, he says, that some employees will engage in ‘counterproductive behaviour’ if they think no-one is watching.
Bill goes on to say: “In IT security, people are always the weak link. If you look at Stuxnet, that was an advanced technical attack, but it was also designed to spread via USB. There will always be attempts to exploit social engineering or human actors.”
You can read the article in full here.