RSA Conference: Security firms need to 'shine a flashlight on risk'
Hugh Thompson, People Security, talks about... people
RSA Conference Europe saw programme chair Herbert ‘Hugh’ Thompson challenge the IT industry to face fundamental changes, and respect the differences in the way individual people used computers.
The internet guru and bestselling author said that companies need to build tools and technology that take into account different user risk profiles and the choices users make, what he called the ‘human aspect’ of IT security. He said: “We need to build tools and technology which respect those differences.”
“We need to be the people who show a flashlight on risk to the business, and enable them to do stuff, not hold them back from doing things, actually allow them to embrace certain technologies quickly and easily, once we've properly assessed the risk,” he said.
Thompson said that ‘risk assessment’ would have to come down to individuals. He said that changes in the last 18 months and the tendency of employees to bring their own devices had resulted in a challenging problem/opportunity. He said that people were not outside the normal control structure of the enterprise.
He continued: “I challenge you because we have to do this. It's not an option that we need to personalise security - we have to. The cost to send one personalised email attack is beginning to approach zero dollars, because tools are getting so good.”
“Once that starts to happen it's going to be incredibly difficult for people to make fine-grain security choices, and make the distinction between a good and bad email.”
He said that it was becoming ‘Russian Roulette’ for some people when opening emails, as it was so easy for criminals to find out information about the people they were looking to target, simply with a Google search.
He added: “It's the death of first impressions. It's no longer under your control. It's interesting from a societal point of view, but think about what attackers can do.”