You know the phrase. “Social engineering: Because there’s no patch for human stupidity.” But there absolutely is, says Jayson Street.
“There is a patch; no one wants to do it, because it’s difficult. But there is a patch, and that’s continuing education. Not one-off lessons. Not a one-and-done test that [employees] have to take once a year for compliance. But an actual earnest indoctrination in making them part of the security process, instead of a liability or a result of bad security. They should be part of the security process,” Street told Salted Hash.
In short, if we don’t patch the human – no matter how good the tech is – we’re still going to have problems.
The article goes on to say:
“Everybody wants to build a Blinky Box, and build technology that intercepts and protects the human, instead of getting humans to be developed and educated enough to protect the technology. They’re not a liability, they’re an asset. [Humans] are the biggest intrusion detection system that you’re going to get.”