Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

CNI: employers, not hackers, are the real risk

"In IT security, people are always the weak link."




Stephen Pritchard

IT Pro

20 September 2012


PA’s Bill Windle, a security expert, is quoted in an IT Pro article on cyber security. Bill talks about security threats and how carelessness, not conspiracy, could prove the greatest threat to national infrastructure. The Centre for Protection of National Infrastructure and PA Consulting Group have recently published the Holistic Management of Employee Risk (HoMER) guidelines, to enable companies to understand this risk and establish procedures for prevention and protection.

In the article Bill, one of the co-authors of the HoMER guidelines, talks about the impact a cyber-attack can have on a city. Bill refers to a recent US study that suggests big cities would start to lose vital services just a day and a half after a power outage, as equipment for pumping water or sewage stop working. 

A cyber-attack, though, is not the only way critical infrastructure might fail. Bill points out that sometimes problems are caused not so much by bad people, but by good people trying to cut corners or make honest mistakes. There is also the danger, he says, that some employees will engage in ‘counterproductive behaviour’ if they think no-one is watching.

Bill goes on to say: “In IT security, people are always the weak link. If you look at Stuxnet, that was an advanced technical attack, but it was also designed to spread via USB. There will always be attempts to exploit social engineering or human actors."

You can read the article in full here.

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.