Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

Weakest Link in Cybersecurity

The current pandemic has forced many businesses into a very sudden and far-reaching adoption of digital technologies to facilitate remote working. This change looks as though it is here to stay.

We are seeing an increasing number of criminal activities that try to take advantage of both the large number of novice remote workers and the general uncertainties that the current situation brings.

Consequently, many businesses are faced with the question: what is the weakest link in our cyber defense that we need to strengthen? Many of us will be reminded of the catchphrase “humans are the weakest link in cybersecurity”. But is this really a good picture that should guide our actions?

The problem with this picture is that it makes it too easy to blame users: we trained our staff not to click on links in emails and still, they are doing it. Actually, the picture hinders us from asking two important questions: first, how can we improve our processes so that users do not have to click on links, and second, how can we build a system for which clicking on links is secure and safe?

A better picture might be a swing with two chains: we need to keep both chains strong and in good shape, so that our children enjoy using a swing that keeps them safe. Translating this picture to cybersecurity means that we need to address the weak links in both our “social chain” and our “technical chain”. Moreover, we need to bring both together: processes and IT systems that are easy to use and that support the tasks the users need to fulfil in their role. We need to develop systems that are safe and secure by design, and that are easy to use and maintain. This, together with supporting and educating users, will minimize the risk of becoming a victim of criminal cyber activities.

Stay safe and secure and keep your knowledge, skills and technical systems up-to-date.

Note: This post has also been published on the Research & Innovation Blog of the University of Exeter and in the South West Business Insider.
