Better security technology means that hackers are focusing more on the point where humans meet machines in their efforts to penetrate systems.
In his keynote to the RSA 2009 conference, Brian Truskowski, general manager of IBM's Internet Security Systems (ISS) business, told delegates that despite all the improvements in security technology the human element was still the key weakness in any system.
“We need to admit humans will always fall for a good hoax, then we need to accept it and move on,” he said.
“Humans are an infinite threat to security. This is why security has moved to the machine/human interaction point, chiefly the browser and the application.”
He gave the example of Kevin Mitnick, one of the most famous hackers of all time. Mitnick himself admitted that his success was down less to his computer knowledge and more to an ability to fool people with social engineering.
Truskowski said that for security to be effective it needed to be built into the enterprise from the ground up and be responsive. Too many vendors focused just on blocking one attack vector when a more flexible approach was needed.
The situation was similar to the Titanic, he said. The ship builders focused on strength, speed and luxury and ignored maneuverability, which proved fatal for many of the passengers.
“Too many chief executives see the iceberg coming but can't do anything about it,” Truskowski said.
Companies should focus on building flexible network security and consider offloading part of the business to managed security vendors, he continued, as there are simply not enough good security personnel available for IT departments to hire.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007