People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.
— Bruce Schneier, Secrets and Lies
Is it ever safe to swim with sharks? Who in their right mind would ever feel safe? Yet the security of web infrastructure and applications is among the least of concerns in most of today's businesses, while the Internet is full of sharks trying to hack your application and steal or damage your data.
It is true that most companies have spent money on security infrastructure like firewalls, IPS and IDS and have fortified their infrastructure, but not enough attention is paid to their most valuable asset, “people”. How many of them are aware of safe security practices in their day-to-day work? How committed are they to practicing them?
In a time when everyone uses third-party vendors for development and hosts sites with third-party vendors, while applications handshake with your systems and your partners' systems for SSO and authentication, security should be in the limelight, yet it always takes the back seat or, in most cases, is an afterthought!
Most organizations don't see value in educating their employees about security and precautions, let alone taking the time to think through threat scenarios when developing applications. If you think it could never happen to you, either it is only a matter of time or you have never looked at the activity on your systems, where it may be going undetected. No matter what has been spent on technology, if awareness and commitment across your organization are not kept high, people will remain the weakest link. If you are naive, I strongly recommend you read Kevin Mitnick's “Ghost in the Wires”. (I couldn't put it down after I started reading :)
Have a proper procedure and policy about social site usage and make it known to everyone. Have a process to make sure every new and existing employee and every onshore/offshore consultant learns about security threats and risks and is committed to following precautions in their day-to-day job. It is a good thing to have a healthy amount of paranoia!