Human Error Is Greatest Security Risk

from the no-surprise-there dept

For all the talk about “trustworthy computing” and how buggy software is a big “cybersecurity” risk, it turns out (and, no, this shouldn’t surprise you) that the biggest security risk remains human error – and not security holes in software. People simply configure things wrong and leave systems wide open all the time. While there’s nothing wrong with promoting better software, it might be more productive to train IT workers better in properly securing systems.

Comments on “Human Error Is Greatest Security Risk”

LittleW0lf says:


I’d agree if they were including stupid mistakes by programmers, but there is no way that a stupid mistake by administrators can cause more trouble than stupid mistakes by programmers. No way, I don’t believe it, and a survey run by a certifier against those who went through their certification program isn’t going to make me believe it any more than if Microsoft said that stupid mistakes by Unix administrators caused more problems than stupid mistakes by Windows administrators.

Yes, stupid mistakes by administrators setting up computers do happen, and sometimes they mess the machine up enough that an attacker can access their system… I’ve been on many an assessment where we busted root in a server because the administrator did the wrong thing, and many a DefCon CTF where the same occurred, but to find these vulnerabilities takes an attacker of far more caliber than your normal script kiddies who pound Unix boxes with Windows exploits.

And besides, education trumps these types of errors, but looking at Microsoft for experience, very little is accomplished when you try to teach programmers to do the right thing, but don’t have any real code review process in place. I’d take computers with OpenBSD on them, administered by clueless newbies over Windows boxen administered by the best of the best any day.

Then again, I have the best of the best running OpenBSD….
