The “human aspects” of security refers to things that the average person does that can either strengthen an organizations security posture or introduce unnecessary risk into an organization. The human aspect can refer to both the malicious actor who is attempting to gain access to a system/resource as well as the employee who means well but unintentionally causes issues. An example of this is the fact that humans (especially in Western cultures) are relatively trusting and friendly. A malicious individual can exploit this character trait by convincing an employee that the malicious individual is new to the office and needs to meet with person x. The employee who wants to be helpful provides the malicious individual with person x’s office number, and the malicious individual is now able walk up to person x’s office and steal sensitive information from the office.
Companies often times spend hundreds of thousands of dollars on the latest and greatest flashing box which promises to protect the enterprise against all threats but will completely neglect their internal security awareness program and this is why exploiting the human aspect of security is so effective. It doesn’t matter how secure your house is if you gave a burglar the key. By addressing the human aspect of security, organizations can significantly improve their security posture.
Interested in learning more about the “human aspect” of security? Contact us and we’ll be happy to help!