From weakest link to security factor
Security guidelines can be helpful. However, if guidelines conflict with daily workflows or are not easy to apply, users often develop insecure strategies to circumvent them. For example, they may keep their password in an open place because it is difficult to remember, or they may simply add a number to the end of their password if frequent password changes are required. Unfortunately, this behaviour often makes an attack much easier. The strategy whereby people are asked to simply adapt to technical specifications is therefore only moderately successful.
Targeted attacks becoming more common
The rise in the number and quality of cyber attacks that target the “human factor” is also worrying. Phishing attacks, for example, use social engineering in an attempt to trick people into downloading malicious attachments or entering their secret log-in details on fake websites.
Cyber-security research must therefore start to break new ground. Among other approaches, recent research aims to improve the fit between people and security solutions. For example, password alternatives generated from images, or gamified training, can help make users more aware of cyber threats. This should help to better bridge the gap between technical requirements and human capabilities.
In my opinion, however, it would make even more sense to understand and utilise the untapped potential of people and their abilities.