Chris Pogue of Nuix has penned a whitepaper that argues that the security industry has been “fighting the wrong battle” using the wrong tools for 20 years. He cites the human vulnerability as the factor behind this assertion.
“In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it or not, people are the problem,” said Pogue, Nuix’s Senior Vice President, Cyber Threat Analysis.
The white paper examines five cognitive biases—“bugs in our brain software”—that cause people to make poor decisions. It examines how other industries have learned to deal with these biases by concentrating on changing human behavior, and applies these lessons to the fight against cybercrime.
The abstract for the whitepaper reads: “Over the past 20 years, organizations have expended billions of dollars’ worth of time, energy, and intellectual property pursuing the elusive “next big thing” in cybersecurity. At countless security conferences around the world, vendors have touted their technological achievements and proposed their solutions to scores of hopeful attendees. Despite the collaborative efforts of the entire cyber-industrial machine, very little progress has been made. In fact, by all accounts, the threat landscape has actually gotten worse.”
Effectively it’s arguing that humans are the foot cause of all the flaws and attacks that have led to data being compromised, services being brought down and people in general being duped by cyber criminals. Is this why we’re still seeing huge breaches take place on a regular basis? Read the full whitepaper and decide for yourself.