DocumentCode
87240
Title
The Human Element of Information Security
Author
Thompson, H.
Volume
11
Issue
1
fYear
2013
fDate
Jan.-Feb. 2013
Firstpage
32
Lastpage
35
Abstract
Information security has long hinged on trusted insiders' ability to make good decisions. However, modifying human behavior through training is difficult; some battle-worn security executives might even dismiss it as impossible. Although foundational controls such as antivirus, data leak protection, and firewalls are important, they're far from sufficient. The sharp rise in "knowability" of people at a distance raises an important question for the information security industry about the automation of personalized attacks: what happens when the marginal cost of launching a convincing personalized attack starts to approach $0? Today, most security controls are ignorant of rich historical data about the person they're tasked with protecting. As the cost for attackers to personalize their attacks goes down, our zeal in building technology to personalize defense must rise. This article explores our industry's need to embrace security's human element.
Keywords
firewalls; security of data; antivirus; battle-worn security executives; data leak protection; firewalls; foundational controls; human behavior; human element; information security; personalized attacks; security controls; trusted insiders; Access control; Behavioral science; Computer security; Decision making; Human factors; Information security; information security; security; security architecture; social engineering;
fLanguage
English
Journal_Title
Security & Privacy, IEEE
Publisher
ieee
ISSN
1540-7993
Type
jour
DOI
10.1109/MSP.2012.161
Filename
6376054