#hacking | RSA retrospective: We need to democratize and demystify security for the masses



Dave Lewis

06 March 2020 at 15:52 UTC

Updated: 06 March 2020 at 20:36 UTC

Dave Lewis on the much maligned ‘human element’ of security

COMMENT I find myself sitting and staring at the TV screen and randomly blinking in an effort to keep my eyeballs from becoming parched.

I have this inescapable feeling of fast becoming an extra on the set of a 12 Monkeys reboot. I’m being only slightly tongue in cheek, if I’m honest.

So the theme of the RSA Conference this year was the ‘Human Element’. I’m certain that the organizers never imagined that this would inadvertently capture the zeitgeist with regards to the unfolding COVID-19 crisis that has gripped the globe.

There was no shortage of hand sanitizer stations throughout the conference. At one point I started to wonder about the toxicity levels of the stuff after I washed my hands for what might have been the hundredth time that day.

With all of the interaction between people at the conference, there was no shortage of hugs, handshaking, fist bumps, and elbow taps. This was well before COVID-19 really took off as a going concern in the wider public eye.

Getting the message across

Back to how we combat digital infections, the human element is a curious one. As security practitioners we tend to vilify end users as the source of everything that is wrong with security.

But the real problem here is that we collectively need to fall on our own sword for not doing a better job at getting the message across to a non-technical audience. How can we expect people to get better at security if we constantly berate them for their missteps?

“What were we thinking?” – the question hung in the air over the throngs of people in RSA’s keynote, delivered by Wendy Nather, head of advisory CISOs at Duo Security (full disclosure: Wendy is my day-job boss).

The question was very pointed. The pregnant pause that followed had the human element shifting in their seats for a moment.

She then delivered her frank take on the conversation about how security professionals have failed to change how the wider audience executes on security. “We are trying to secure an unsustainable security model,” she said.

Duo Security’s Wendy Nather delivered the RSA 2020 keynote

There should instead be a shift to an approach focused on collaboration and democratizing security to make security controls open and approachable to everyone, she indicated.

Case in point: have you ever used a tool written by an engineer for an engineer? Now, imagine your grandparents having to use the same tool to secure their email, and so forth. Yeah, exactly.

We have imbued security culture with some level of mysticism and pixie dust in a backward attempt to elevate our status – leaving the people we’re supposed to protect out in the cold.

“I know it makes people nervous, especially security people, to think about the idea of giving away control. But done right, collaboration will allow business and security to be agile,” Nather argued.

The message was clear: security really does need to be something that non-infosec people want to do.

We need to spend more time developing products that will demystify the discipline and persuade the human element that security is something they can do themselves, so that we can reduce the risk for all.

In short, we need to democratize security.
