The very first lesson taught to me in my computer classes was “A computer is as smart as you are”, and this statement holds good even today. A computer does only what a person wants it to do. The only advantage a computer has over a human is that of speed and storage capacity.
While looking at various aspects of data loss, the end reason always points to “PEOPLE”. This statement holds good not only for data loss (which is now one of the highly rated security risks): if you look at any fraud that has happened in the recent past, everything has been manipulated by a “HUMAN”. No matter what standards are adopted or what stringent rules are set in an organization, frauds still happen.
Consider an organization that is in a very good financial position and has all the best technological gadgets implemented to ensure that no fraud or data loss happens. The organization is certified against 7799, 27001, PCI DSS, you name it. It has the best security professionals and chief executives running it, who are on their toes to identify what is coming next and how they can protect the organization from different attacks. On the other hand, there is an employee sitting in a nearby cubicle or on the next floor using a USB data card to connect his/her PC directly to the internet.
We are all aware of the rules of driving, but sometimes we tend to break them, either because we do not know the consequences or because the law is liberal. Again, the law made by people might be stringent, but it is made liberal by the people practicing it. We still break the rules on the road even knowing that the consequences would affect us directly. So how would one not break a rule when they know that the consequences might not affect them directly, but the organization would suffer?
I think we are all done with standards, compliance, certifications, awareness, etc. We need to have a cultural change. None of the standards or compliance requirements talk about how to bring about this paradigm shift of culture in an organization. It is never easy, as the parameters that need to be considered to get a cultural change are too many, from people to geographic locations to business verticals, etc. Looking forward to something that would help us bring this change.
“In the past, battle was happening between humans face-to-face using weapons. Now it has changed to battle fought using technology; never to forget, it is still between humans.”