There is no such thing a “human error” when it comes to phishing. Phishing is a successful deception of an authorized user by an unauthorized user.
Preforming all activity in public is a security protocol problem not human error. Commingling secure and public communication is a choice every organization makes.
Security is about Classifications and Access Control. Every cybersecurity problem comes back to the same two issues. Securing digital mail will not solve every problem, but it will secure “secure communication” and provide a path to real cyber security.
Secure digital mail is performed in private with private access. Any organization with an ID has already defined their group for secure communication, they just need to define “secure communication”, upgrade IDs and use the ID to grant private access.
This differentiates secure communication from public communication…then education will be effective. If a secure communication is in email, IT’S NOT SECURE. Don’t respond, click on a link, open a file, etc.
The same access control method, upgraded ID, for secure digital mail can provide private access for other secure activity. It is a migration to a private architecture rather than a disruption of the existing architecture. Once private access is granted, there is no limit to the number of secure things that can be performed in private.
It isn’t too inconvenient to present an ID to access a building but using the same ID to access the organizations secure data is too inconvenient, for who? This is the source of cyber security’s failure. We demand responsible access to buildings because it may endanger your safety, but we institutionalize irresponsible behavior on the Internet …why?
When a METHOD to act responsibly online is provided, then cyber SECURITY will be achieved. “We don’t want to inconvenience our _____” is BS. If someone is irresponsible enough to compromise their access tool then they should be inconvenienced. If I lose my credit card, I wait for a new one. The same is true for SECURE Internet access control.
The security protocols are STATIC! The form factor for a token is a discussion, not an obstacle. When secure activity is privately accessed, security is possible. Securing digital communication is the least disruptive path to a secure future.
It requires a PROCESS to analyze what communication rises to a “secure” class and providing private access to that communication.
Access Control is the purpose of cybersecurity. Performing “secure” activity while granting public access guarantees failure. It is time to stop performing “Risk Assessments” based on the choice to violate security protocols and perform a “Security Assessment” to CLEARLY define and classify data and activity.
An upgraded ID containing a private portal to secure communication is the same portal to everything an organization considers secure. The ID directly asserts an authorized user’s identity for as long as they are connected, creating a digital state-of-existence, something your body does in the real world. The ID, “something the user possesses”, only needs to be properly configured to be more than a source for more data.
Digital mail is only available when a state-of-existence is proven = Existence Mail.
Article by channel:
Everything you need to know about Digital Transformation
The best articles, news and events direct to your inbox
Read more articles tagged: Cyber Security, Featured
Popular Now
Related Articles
