You clicked on what?

Check out this piece of conference swag.

An infosec vendor gave out these T-shirts at a conference last year.

Initially this shirt made me laugh, but just wondering if we should try not to make fun of “the stoopid users” so much.

Are "people" really the weakest link in the cybersecurity chain?

Lance Spitzner prefers the phrase:

"People are the primary attack vector."

This subtle change in messaging reframes the conversation, and moves the blame away from the user.

He encourages all of us to stop *blaming* others and figure out how to *enable* instead.

"After all, how many operating systems do you know of that self-report when they've been hacked?"

Just wondering if there are other ways to shift the convo when we engage with ordinary consumers / end users without talking down or making them feel “less than” for their lack of technical skillz?

Cybersecurity savvy *isn't* evenly distributed in the general public. Lots of folks are living below the cybersecurity poverty line, and don't even know it.

#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining

Lance Spitzner is a board member of the National Cybersecurity Alliance.

@AnthonyCollette

How about this: "The user interface (UI) failed to help the user to make choices in their own interests."

Note that you'll find a LOT of people advocating for UIs that fail to help users to make choices in their own interests, and instead help them to make choices in the best interests of the entity providing the UI. (examples _Everywhere_)

When you let arbitrary entities (nearly) completely control the UI ("the web") with little to no negative impact for negligent or even malicious behavior, we get ... "cybersecurity".

It really isn't about the victim. Experts make poor choices / click on the "wrong" thing too. Some people work to mitigate that (laudable), but we're building on a foundation of sand.

Shift the conversation by asking what needs to change to help the real human people make good decisions. They are intelligent active participants who are trying to do the right thing 99+% of the time.
