The Weakest Link in Security

A while ago I attended a workshop drawing together most of Sweden's PhD students working in one way or the other with security. As you might expect the program was pretty diverse ranging from very hard core technical stuff to very fluffy stuff bordering on politics and human computer interaction.

There was one talk that I'd like to comment on. It was titled "Are Humans The Weakest Link In Security?" or something like that. The speakers intention with the title was to be a bit provocative. Many of my fellow PhD students which lean more to the technical side smiled at this title: "Of course humans are the weakest link!" They seemed to think that the question was rather silly.

I have a different opinion. My answer to the question is rather "Humans SHOULD be the weakest link". Otherwise technology has failed. Technology is here to help us. Sure, some of us like technology just for the fun of it. But the adoption of technology can only be motivated if it helps us in some way. This is especially true when it comes to security. If technology is a weaker link than its users what good is it then.

I don't think the question posed by the speaker was silly. I think it is good to ask such questions and ponder upon the answer. It might not be as straightforward as you might think.

No comments: