Abstract:
Information security has long hinged on trusted insiders' ability to make good decisions. However, modifying human behavior through training is difficult; some battle-worn security executives might even dismiss it as impossible. Although foundational controls such as antivirus, data leak protection, and firewalls are important, they're far from sufficient. The sharp rise in "knowability" of people at a distance raises an important question for the information security industry about the automation of personalized attacks: what happens when the marginal cost of launching a convincing personalized attack starts to approach $0? Today, most security controls are ignorant of rich historical data about the person they're tasked with protecting. As the cost for attackers to personalize their attacks goes down, our zeal in building technology to personalize defense must rise. This article explores our industry's need to embrace security's human element.
Keywords:
firewalls; security of data; antivirus; battle-worn security executives; data leak protection; foundational controls; human behavior; human element; information security; personalized attacks; security controls; trusted insiders; Access control; Behavioral science; Computer security; Decision making; Human factors; Information security; security; security architecture; social engineering