What is Empowerment?
Empowerment has been a major buzzword recently, but what does it actually mean, and how can it change how we look at security?
In a recent talk at Info Security London, Mr Richter, senior vice president at Level 3, noted that 40% of the top 10 security breaches in 2014 were due to lapses in non-technical controls. These are user-based occurrences like phishing, social engineering and similar attacks. It's attacks like these that can't be stopped by firewalls, IDSs or by simply throwing money at the problem. These are the attacks that need to be counteracted by user training and, of course, user empowerment.
‘Freaky clown’, a social engineering expert, touched on this in a recent talk at Bsides London. He mentioned that on a job he would most commonly never be questioned by staff about who he was, and followed this up with:
“Because I was there, [people assumed] I should be there.”
Of course, it would be simple to blame the people in question: the receptionist, the security guard or even the doorman. In practice, however, this isn't the case: it is the responsibility of their employer to give them proper training in how to deal with such occurrences. Dr Jessica Barker recently spoke at Bsides London on the topic, describing a collection of people in a group. When these people were given responsibility, roles and purpose inside the group, they felt more empowered.
Employee empowerment could be what stops the next mega breach, and it's up to the employers of today to decide if they want that to happen.