Monday, November 10, 2014

Blaming users for security incidents is counterproductive

The Associated Press has done some important research into the cause of cybersecurity incidents in the federal government. Unfortunately, it comes to the wrong conclusion. It documents the huge rise in security incidents, and then adds:
"And [federal] employees are to blame for at least half of the problems."
Specifically, not because the employees are the hackers, but because
"They have clicked links in bogus phishing emails, opened malware-laden websites and been tricked by scammers into sharing information."
This is counterproductive. It blames end users for problems that the security community should be taking accountability for.

