IT security professionals should operate under the assumption that their networks are compromised, and look at ways to ensure that the system works regardless, according to the head of information risk management at Barclays.
Stephen Bonner argued during a panel debate at Infosecurity Europe today that it is wrong for security chiefs to try to create a "bubble of safety" in their systems because it is a false hope given the numerous threats and flaws.
Bonner clashed with his fellow panelists, both heads of information security at large multinationals, arguing that users do not benefit from feeling that they are being "watched" and should not be treated like children.
It is the information security professional's responsibility to educate users so that they can make the right decisions, according to Bonner.
"I believe that it is not all the user's fault. Users generally make informed and sensible decisions, and our goal is to educate and inform them," he said.
"It is not about banning things; it's about making it easier to do the right thing and letting them know you trust them."
However, Peter Ronaszeki, head of corporate security at Lufthansa, offered the view that IT security groups need to be more didactic.
"It is important to know that someone is watching," he said. "It is also important to catch the user's attention. Security is boring so it's unrealistic to force users to read all your policies, which is why we do regular refreshers. "
Henry Acevedo, head of information security at Adecco Group, argued for the need to balance user education with technical measures such as network access control systems so that "you have an opportunity to tell the user when they do something wrong".
Bonner revealed that Barclays is currently trialling an adaptive learning initiative whereby users are quizzed before rather than after a presentation, allowing more focus to be put on the areas where there are found to be gaps in knowledge.
"It's about changing the mindset from it being another layer of inconvenience to something they want to do well," he explained. "Once you've cracked that cultural change, training and awareness programmes will work a lot better."
Climate change likely forced inhabitants of Indus Valley civilisation to resettle in the Himalayan foothills
Shift in weather patterns made agriculture almost impossible in the Indus Valley region
Researchers claim that the magnetic properties of a thin-film material can be controlled by applying a small voltage
Dubbed Antlia 2, the ghost galaxy sits just 130,000 light-years away from the Milky Way
Delays to the roll-out of age verification for adult websites hasn't stopped government from considering extending them to more websites