The 12 Scams of Christmas 2013 When my son was in the midst of his college search, we sat in on presentations about different majors. He knew that he wanted to major in something to do with computers and technology, but he wasn’t sure of the direction in which he wanted to go. The presentation […]
The 12 Scams of Christmas 2013
When my son was in the midst of his college search, we sat in on presentations about different majors. He knew that he wanted to major in something to do with computers and technology, but he wasn’t sure of the direction in which he wanted to go.
The presentation we attended was for a major that focused on IT security—back when it was still a relatively unheard of major. The professor leading the presentation asked the kids in the room about their computer skills: Who built websites? Who took different programming classes? Who built computers from scratch? My son was one of the only kids in the room to raise his hand, and the other kids in the room looked nervous that they did not have these skills. The professor said, “That’s great, but it isn’t important in this major.”
He went on to say that this new IT security major would teach computer skills, but it would also require students to study history, psychology, sociology—the social science skills that you don’t usually associate with a computer-related major. But the professor pointed out that security is about understanding people and behavior first, and then understanding how to protect the network against that behavior.
Today I was reminded of that presentation when I came across a blog post by Jessica Barker on the E-consultancy site. Barker pointed out that cybersecurity is more about people and less about technology than most of us realize. In her piece, Barker says:
In cyber security we often say ‘there is no such thing as a malicious machine.’ Trace a cyber attack or information breach back to its source and you won’t find code, you’ll find a person.
In fact, most information breaches are the result of human error and a lack of awareness, and the ‘human problem’ appears to be increasing.
She’s absolutely right. How many surveys do you read that say the biggest risk to the network and lost data is employee error or malicious insiders?
However, cybersecurity has changed over the years. It is no longer just protecting the network from malware. It now involves understanding who is a threat to the network and data and how they are a threat. It can be as simple as writing a security policy for BYOD based on the employees who use it, as complicated as anticipating who may want to infiltrate the network to steal your intellectual property, or as complex as recognizing if your company might be targeted in a specific attack.
Technology is always going to be the integral component of IT security. It has to be. Someone has to understand the network and computers work so they can be protected—it is the reason IT departments become the de facto data security staff. But as attacks become more sophisticated, is the technical know-how enough?
A recent survey from EY found that at least half of all companies don’t think they have enough skilled resources to protect the information on their systems. That includes the IT staff. But at least some of those skilled resources should be people who understand human behavior, because like it or not, people are the network’s greatest enemy.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
