All the latest UK technology news, reviews and analysis
|
|
|
31 Jul 2009
Security expert Bruce Schneier told delegates at the Black Hat USA 2009 conference that the human brain is not suited to IT security in the modern world.
Schneier said in his address that, in evolutionary terms, the human brain cannot deal with the complex threats that dog the modern environment, and that computer security is unlikely to be solved in our lifetimes.
"We have Stone Age brains. We respond to stories not data," he said. "We are very good at living in small family groups in the East African highlands, but we do not have a lot of experience in the modern world."
Schneier suggested that this had a direct relevance to computer security in that humans tend to think along narrative rather than empirical lines. For example, having a firewall is perceived as a great protector of a computer, but in fact a poorly configured firewall is worse than useless.
He also cited biometrics and airport security as cases in point, where seemingly good security measures are actually counterproductive.
There are two key parts of the brain that respond to stress. The amygdala, which is one of the oldest parts of the brain stem, deals with the fight or flight reflex. This is present in ancestors as far back as fish.
But advanced mammals have the neocortex, which makes people think rationally about the potential risks. This is how humans mitigate risks and rewards.
"This only exists in mammals. It is the newest part of the brain, kind of still in beta testing," said Schneier, giving the example of someone getting a dressing down from their boss and not feeling inclined to stab the person or run away.
However, this logical reasoning comes with certain costs, and raises interesting questions from a security standpoint.
Humans are story-telling creatures, Schneier explained, and good stories capture our interest despite the fact that they may be factually harmful. This tendency in humans will make security a hard goal to reach.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
My client is a well established, non profit organisation;...
PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...
HEAD OF DIGITAL - London - £80-95K + Excellent Bens...
Agile C# Developer - (North London) £55,000 - £65,000...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?