The Problem with Technology and the Human Factor
Introduction
Some organizations see the solution to information
security problems as a technical problem. Several suppliers propose the
same idea with technical solutions. The technologies of the security
manager are firewalls, antivirus software, PKI systems, and VPN. All of
them are valuable and protecting their network. If technology is
fallible like humans, the technology is equal to the person who knows
how to use it.
Computer Security
Everyone should have security on their computers and
networks. There are several shortcomings that view. Even the software
can be perfect, it would still have problems from hacker, testers,
viruses and software mistakes. They will find unchecked memory,
backdoors, and other weaknesses in commercial and in-house developed
software. The problem is multiplied by the complication of modern
information technology systems. Organizations that use multi-layered
security are going the right direction, but it is hard for every layer
of protection to be perfect. Protection of the organizing systems needs
intelligent users that do not create security bug for their systems.
Many organizations really don’t understand their
information security problems. They do not have all the information to
make sure that they know exactly the right technical solution to a
problem. They recognize the need for standard information security
software; however they rarely have basic information of requirements.
They buy firewalls for protection only with no care to monitor security
alarms, update attack signatures, or respond to new forms of network
traffic. They scan emails for viruses but ignore JavaScript. For a good
security you need to educate your workers about worms, spam mails
viruses etc.
The term “Technical solution” brings high
unrealistic expectations because technology requires the human keep it
up to date. Custom-made security technology is extremely expensive,
while standard cheap software is not as good and offer little advantage
to custom-made security technology. It puts creating the best
technology out of the hands of the uneducated people, because the people
are stuck with below standard technology when they do not know better.
Last but not least, someone has to use this technology. This can bring
big problems, because people can make mistakes.
Information Security is not much different from
security in general. After all, no one would put heavy security on
something not important. For example, who would put a heavy security
lock on a box if it only has something as unimportant as a rock? Also,
if a car looks good but has a broken window, then the whole car is not
safe, just like the information security. Protection against cyber
attacks works on the same idea. All weak points should be secured
whether on a desktop computer, an organization’s server, or a corporate
network. Information should also be entered through safe paths.
Human Factor on the Security System
There are a lot of security software in the world,
for example there is firewalls, intrusion detection systems, anti
viruses etc. All types of software designed are made to do a certain
function. This software will help protect a system. However, even the
best software cannot guarantee a hundred percent system security. Even
with the most advanced technology and passwords cannot be a hundred
percent safe. This is because people made the system and they can make
mistakes. So, people are the weakest part of technology.
The human factor is the main reason why attacks on
many computers and systems are successful. There are many great
examples, hackers, virus writers, and dangerous users use the human
factor to their advantage. Therefore, they use people to penetrate
systems.
Some Examples about Security
Many people do not understand why using software
with many weaknesses poses a security risk to their computer or system.
The many computer users see their computer as an object. They want to
use it as a washer, a microwave, or any other simple device. They don’t
want to know how it works. Even if they do, they would not know how it
works like other objects they use. They just think that if they install a
system that protect against viruses and software without weaknesses,
they’ll have nothing to worry about.
Not knowing the problems of threats is only part of
the problem. The human factor also comes into play. Many bad code starts
to show at the drafting stage, especially when they create security
policies and procedures. The security of wireless networks is in a poor
state. Many errors were made when wireless protocols were being made.
There is much written about them having bad program errors. While
programmers and testers continue to find bypass security, new exploits
will be found. Even the most developed software will be used, but again
the human factor will be there. If you have a poorly trained system
administrator and user, the best firewall or other protection systems in
the world will not protect your system.
The way users treat confidential information is a
careless approach to security. A similar situation can be shown in
everyday life. An example is a person leaving their keys on the door. A
lot of systems use an empty or weak password. Some systems have the
user’s name as the password just to access their system easily. Even
when users use a complicated password which no one can think, they write
their password on a paper or they forget it, therefore other users can
find their passwords.
Another human sense which hackers use is that humans
are curious. Many of us find email worms at some time in our life. We
know that these worms arrive as attachments to infected messages.
Sending the virus out is only having of what the virus writer has to do.
The worm has to be activated to multiply through the system and to
other computers. It could be activated by opening the attachment. You
might think that users might become worried when seeing attachments to
unexpected email. But surprisingly, the hackers know how to use our
curiosity.
It is interesting that people open unprotected
e-mails even if they are not supposed to. However, the numbers of people
who open the e-mails are always the same. This can be explained by the
fact that virus writers find new ways to trick people. On the other
hand, viruses do not only infect e-mail message, but you can also find
them all over the internet.
Conclusion
Computers are becoming more common every day.
Hacking is becoming more dangerous day to day. Hacking technologies is
becoming more complex. Creating a good security system is not easy.
There are many weak points in the system which is a never-ending process
to protect. There is always new technology being developed. They are
use to solve problems. They have their disadvantages too. Hackers, virus
writers, dangerous users invent new ways to exploit the security
software being used. The result is a war between cyber criminals and
security professionals. It does not matter if you have the best
security product or a professional security engineer, technology is only
as good with users that know what they are doing.
Ali Kapucu
No comments:
Post a Comment