People overestimate themselves quite often. We would like to believe that we and our colleagues work super safely. Just ask your colleagues if they think they are smarter than average, better at driving or have better leadership skills than others. Most will answer with a resounding “yes”. But we can't all be above average. Hackers know how to take advantage of this and capitalize on it. People are overconfident and overestimate themselves, and that makes them vulnerable, especially when it comes to working securely. People are therefore the weakest link when it comes to security. Wherever people work, mistakes are made, consciously or unconsciously. So does this mean that we cannot trust ourselves and our colleagues at all? Fortunately not, because with the right training and technical measures we can respond to this and catch these mistakes.
Proper awareness training will get you a long way. However, technical measures are also necessary. After all, these do not act in good faith, nor do they overestimate themselves. Technical measures are driven by data, and data doesn't lie. False positives still occur, unfortunately. With technical measures you can close down your entire ICT environment, kind of like Fort Knox. I believe that creating a good balance between trust from your colleagues and taking technical measures is vital for creating a conscious and above all secure organization.
How do you deal with this? Do you choose to trust or seal?