We live with risk every day, and we work very hard to stay safe. We lock our doors, shred our mail, guard access to our credit cards, and protect our data with passwords. In recent years, however, we have seen a rash of situations that have challenged our perceptions of security: personal data compromised on Federal Government systems, hackers stealing information from large companies, and workplace violence caught on live television. There is no shortage of examples.
These incidents raise many questions, such as: In a highly connected world that moves at a near sprint, how secure can we expect to be? With demand for customization at an all-time high, are we willing to accept tradeoffs between security and convenience? Should we place cameras and other sensors everywhere? How much of our limited resources should we spend to protect our data, our people, and ourselves? Is there a role for humans in the security of tomorrow or is technology the best answer to countering risk in an uncertain world?
Certainly, those of us at Toffler Associates have explored the idea that humans are the weakest link in a security system. Regardless of the threat, you see disgruntled employees leaking sensitive data, careless employees losing key cards, access badges, laptops, and tablets, or key employees divulging confidential information, often with no malicious intent. We circumvent security measures because they are too restrictive. Humans just don’t follow the rules. So should we eliminate ourselves from the process? Let’s leave that question for a minute and visit the alternative.
In contrast to humans, machines are compliant – they’re programmed that way. They don’t mind sifting through millions of bits of data to find anomalies. They don’t get tired or bored. They are much better at processing large amounts of data. They’re able to recognize patterns and deviations, correlate data, and yield insights exponentially faster than humans. Existing infrastructure allows them to deliver information rapidly across the human-machine enterprise and enable prompt decisions. Machines – more data, more technology, greater speed – must be the answer, right?
We don’t think so. As things are now, machines are dependent on their environment. They must have a working power supply, for example. They can alert us to breaches in our security software, but they can’t necessarily deny access to intruders or troubleshoot problems on their own. They can’t protect themselves from storms, earthquakes, or floods. Continually we see machines compromised either by other machines, or more regularly, and publicly, by humans through deliberate intrusion efforts.
As artificial intelligence evolves in the coming years, we may find ourselves with a new set of problems as machines become capable of acting on their own. Science fiction has already given us a glimpse into a “good idea gone bad” with Hal from 2001: A Space Odyssey and Skynet from the Terminator franchise. In the movie 2001, Hal takes over a space station from its human inhabitant and tries to kill him. In Terminator, humans construct a massive artificial intelligence called Skynet to handle the defense of America. Skynet becomes self-aware, links to other computer networks, protects itself from harm, and ultimately destroys the world. By taking this argument for total reliance on technology to its logical, but untenable ending, Terminator demonstrates that we might not want to live in a world controlled only by AI, and we might want to remain integral to the system.
Hal and Skynet may be extreme examples, but if we take a peek over the horizon, our greatest threat may be our current responses to immediate need. We seem to focus constantly on the urgent and immediate instead of the important. We make assumptions about the risks and threats facing our organizations and ourselves. We continue to expand our exposure through new devices, new apps, and a constant demand for data. What happens when we don’t invest in human capital and continue to train?
Humans are without question a major security risk, but the answer is not to only focus on more technology. The answer is to focus on both the people and the technology. We continue to expect humans to live, work, and operate within a construct protected by machines, but we avoid deliberate efforts to increase capabilities and awareness while expecting humans to accept machines as the answer. We must strive to understand more than just our immediate challenges and provide better training and awareness to our employees and our teams.
Risks aside, humans have an integral, although increasingly overlooked role in security. If we continue to focus on technology and ignore the training, awareness and broader human capital side of security, where are we going to find ourselves in five years? We need to start taking security seriously today and embracing the role of the human, not marginalizing it, or we risk finding ourselves solely reliant on machines we have demonstrated to be imperfect and incapable of addressing the entirety of the challenge on their own.
Do you know how your environment is changing, and what the implications are to your security profile? Connect with us now to learn how to transform your organization’s approach to security from a cost to an investment.
Sign up today to receive our weekly blog posts directly to your inbox.