It was a morning like lots of others...I was headed to the airport for a week in our home office, so I got an early start, checked on the sheep on the way out (yes, sheep), and got on the road. Aside from being ridiculously early, the ride was uneventful until I got to my exit for the Mass Pike. That's I-90 for those of you outside Massachusetts and, when traffic is good (like at 4:30 in the morning), it's the fastest, easiest way to the airport. And the exit was closed. Well darn.
I had Google Maps running, not because I didn't know the way, but because a sick sheep had me running a bit late and I was tracking how much time I had to get through security and decide whether I was going to park in the economy lot (cheap and a healthy shuttle ride) or central parking (expensive and a quick walk to the terminal). Usually, Google Maps is pretty good at warning me about construction and traffic delays, but today it was apparently off its game. So I headed for the next exit and let it reroute me. It's the Mass Pike, after all - There are more than a few ways to get onto the interstate that connects Logan Airport to Seattle.
Google Maps, in its infinite wisdom, suggested I just flip around, head back up I-95, and take the northbound exit onto the Pike. That exit, I had noticed, though, as I sped southbound, was also closed.
So what's a guy to do?
Follow the detour signs, of course, and ignore the GPS.
Obviously, this isn't rocket science. Road signs are our friends and I knew where I was going, even if I wasn't familiar with the suburbs through which I found myself wandering. However, this is the sort of thing that would have thrown the more technology-dependent among us into a tailspin. I can almost guarantee that my wife and at least one of my kids would have been calling me from Worcester wondering where the airport had gotten off to. Again, for those of you who don't live in the land of funny sounding cities, Worcester (pronounced Wooster, in case you were wondering), is very much the wrong way.
As a former math teacher, I cringe every time a cashier can't make change without their register telling them what to give me back or a kid reaches for the calculator app on his phone instead of crunching through a bit of mental math. Technology is there to help us (I wouldn't have a job if it wasn't) and is an invaluable supplement for our own brains, but it's just that - a supplement, not a replacement.
The same is true of security (thanks for hanging with me while I got to the point...It's a long plane ride, just begging for a long-winded introduction to a security message). We can throw firewalls, sandboxes, client antimalware, and more at the bad guys and all of these things can dramatically reduce data breaches and malware infections. We can monitor and control traffic to shut down malware that is sending data out of our networks. We can even require employees to use a VPN while they're off-site to provide them with the same cyber protection they enjoy while they're in the office and lock down data moving between the network and a laptop in a Starbucks.
But all it takes is one click on a carefully crafted phishing email to put these careful protections in jeopardy. If just one employee decides that they would rather store documents in their personal Dropbox account, secured with a weak password or replicating to unsecured endpoints, there isn't a lot that even the most robust security solutions can do.
Recent high-profile breaches of government agencies and healthcare providers haven't been aimed at stealing credit card data for quick profits. Instead, most researchers believe that these attacks are designed to build profiles on large numbers of US citizens that can then be used for espionage, blackmail, and as inputs for highly targeted (and highly effective) spear phishing attacks. The more information, for example, included in a phishing email that makes it look legitimate to the recipient, the more likely a user is to respond and/or click through, providing credentials or inadvertently installing malware.
Security professionals are increasingly realizing that users are just as important (if not more so) to maintaining network security as hardware and software solutions. The key is maximizing the safety of the overall digital environment with smart security measures as well as ensuring that users are savvy and well educated about cyber safety. Involving users, employees, and customers in your security strategy is a critical part of staying one step ahead of the bad guys. Technology, security or otherwise, is, after all, a complement to our very capable brains.