People are the Hardest Part of Cybersecurity

Dateline: March 2, 2018

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

Making a company cyber resilient is both a people and a technology problem.  Recently, TechTarget interviewed Alissa Johnson, the CISO of Xerox Corp.  In that interview, she was asked about the difficulty of managing these two critical components of cybersecurity.

What is more difficult in cybersecurity management: technology or people?

Johnson: This is a great, great, great question, and I love my people. But people are sometimes the hardest thing. You can teach technology — you can tell technology exactly what you want it to do, and it’s going to stay right in that box and do it. But people — you have the humanistic side, that side of us that automatically wants to trust, that side of us that automatically wants to believe that something is good, that will click on a spear-phishing email and get us all in trouble.

So I think the people part is the hardest part, but that’s the part that requires the most education. We have to make sure that our culture understands security to a certain extent.

How does your company balance effort/resources spent on technology with effort/resources spent on making sure your people are cyber secure?

(Full Disclosure: I’m the Executive Director of Cybersecurity at MIT Sloan research consortium which studies the difficult questions about the people side of cybersecurity.    If you are interested in our research on building a cybersecurity culture, you can download a research paper we have written on this subject here)

That’s a WRAP!  Have a great weekend.

Speak Your Mind