The Belgian authorities will soon start an information campaign about “safe surf on the Internet” [1]. Prevention messages will be broadcast on well-known websites and radio stations.
It is a nice initiative. Alas, security professionals know that the weakest element will always remain the end user. User education is important, with messages like “don’t trust anybody”, but the upstream tools that protect users must also be improved. Too often, the feedback received from users is:
- “I don’t even understand the error messages!”
- “Clicking 3 times to access this resource is so boring!”
- “This slows down my computer!”
- etc.
Yesterday, I went to InfoSec Belgium. There were very interesting presentations (especially the one by Howard Schmidt) and the same conclusion came up again and again: a good risk analysis is mandatory and good countermeasures must be put in place to reduce the risks. User education is only a small part of the solution.
A very good comparison given by Howard was the Whac-A-Mole game. The younger ones won’t remember this game: you had to kill moving moles with a plastic hammer. It is exactly the same with security threats. You have just fixed one, and another is already popping up!
[1] The press release is available here: http://www.polfed-fedpol.be/presse/presse_detail_fr.php?recordID2=1450 (French).