One Article Review

Source AlienVault Blog
Identifier 455329
Publication date 2018-01-02 14:00:00 (seen: 2018-01-02 14:00:00)
Title I Am Dave
Text This cartoon has been making the rounds on the internet for a long time. It depicts how all security technologies and efforts can be undone by “Dave” the ‘stupid user’. I can’t think of many (well, no) real industries that treat their users, peers, and customers with the same level of disdain. Imagine the automotive industry pushing a similar message. ‘On one hand we have seatbelts, ABS, airbags, five star safety features… and on the other hand we have dumb drivers.’ Or a gym stating, ‘We have personal trainers, protein shakes, free weights, machines, exercise classes… and on the other hand, we have lazy people that just want to binge watch shows and eat pizza.’ Maybe a college could claim, ‘We have the best teachers in the world, pity about the unruly students.’ No, seriously, I mean, governments have been overthrown for a lot less. I’m frankly quite surprised there hasn’t been at least some level of civil unrest where an unruly mob surrounded the IT Security department, only to be dispersed by the CISO, dressed in full riot gear with a water cannon. While most security advice for users is all well and good, it is far from practical for the vast majority. How do I know this? Well, after giving out security advice for most of my career, I recently found myself falling short of much of my own advice. Our CISO at AlienVault, John McLeod, is a very nice man. But I did feel the urge to shake a fist at him a few days ago after I fell victim to a rather clever phishing email he’d sent out as part of an awareness campaign. It was well-crafted, had no grammatical errors, and in my haste while on my phone, I clicked on the embedded link. There goes my perfect record of not falling for a simulated phishing email. Then I was hit by a second surprise as I was informed by a service provider that my account had been disabled due to my credentials being found in a breach.
I was grateful to the service provider for informing me, so I went about diligently changing my password, when I realised that this provider also had two-factor authentication which I had not enabled. Three strikes. I then spent the better part of the next two hours changing old passwords (I may have reused a couple), enabling two-factor authentication wherever it was available, and doing a search for all my various credentials on haveibeenpwned.com. It made me realise how security still has a long way to go in perfecting its user experience. Creating products that users genuinely find useful, usable, credible, accessible, valuable, or even desirable. But most of all, it made me realise that while I may work in IT Security, I too am Dave.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.