Proctor says Gartner’s research in people-centric security recognises the criticality of user behaviour as a control and seeks a better answer than posters and mouse-pads that say security is important.
In other words, it is the integration of security and social science designed to motivate users to want to do the right thing.
“Never waste a crisis,” he adds. “Sony is not the first serious, game-changing hack and it won’t be the last.
“Use the visibility this creates with executives to institutionalise better practices that will survive the times when they go back to sleep over security.
“You could do that… or you could use this opportunity to push through the budget for that DLP system you’ve been trying to get for 3 years. Your choice.
“And stop picking on Sony.”
Moving away from the mechanics of the hack, Heiser speculates that while the analysis of this incident will yield some important lessons, it doesn’t represent a new normal in the degree and prevalence of digital compromise, although only time can establish norms.
“No shopper is comfortable with the idea that a merchant might have leaked their credit card, but nobody is going to boycott a movie maker because they leaked Sylvester Stallone’s social security number,” he adds.
“What I know for certain is that after all this buildup, I’m deadly curious about a flick that otherwise would have been pretty far down my list.”
So much so that news of this dramatic hack is going to encourage huge attendance for a movie that otherwise doesn’t seem to have the ingredients typical of a cinematic masterpiece, Heiser adds.
“They couldn’t have invented better PR than this,” he says. “I’m going to the theatre, and I’m going to cheer for the good guys.”