will we ever solve the "people problem"?

Other than their strange words for things like elevators, hoods,
trunks, toilets, etc. I don't think people in the UK are that different
from people in the US. Especially when it comes to technology and
business. Novell (remember them? thanks for the CNE!) commissioned a
study that found that 90% of UK workers don't think basic email security is their problem.

When
I read this, my immediate reaction was “WTF! How could you not care if
you get infected with or infect someone with a virus?” Then, I read one
of the comments to the article which was posted by someone who is
likely one of the 90%. The gist of their post was why should they care
when all IT ever does is try to lock down their computer, tell them
what they can do with it, limit their access to things, etc.

So
this is what it's all about–us (IT) vs. them (users). No, I don't
think this is the reason viruses are still spreading faster than the
Paris Hilton sex video. I think this attitude is very prevalent among
business computer users but it isn't the source of the problem. People
are the problem. Lay the blame with whichever group you
want–developers, management, staff, customers, the janitor–it doesn't
matter. Developer people will continue to create vulnerable
software due to the pressures of management people which they will
attribute to the customer people and/or to the manager people that run
their competitors. User people will continue to fall for social
engineering ploys and click on that damn attachment in their email.

Can
technology solve the people problem? No. Can it help? Absolutely. There
are existing technical solutions to tranferring files in a safe manner
and authenticating the sender. Do people use them? Hell no. Why not?
They are lazy or cheap. Oh sure, some people will call it efficient and
cost effective but that's just sugar coating reality. Like all aspects
of security, there are tradeoffs. Since the cost of viruses can't
easily be quantified and the costs can't be attributed to affected
parties, companies don't see the problem. Why fix a problem if you
can't put a pricetag on it?

Will the “pain” ever become great
enough for companies to take email security seriously? I sure hope so
but I don't hold out hope.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s