The Human Element

"Security is not a product, it's a process." - Bruce Schneier

Although the aim of this website is to impart knowledge on the practical relevance and importance of cryptography to our everyday life, it is also important for one to know its limitations. It is foolish to believe that cryptography alone can safeguard your information from your adversaries.

It is often said that humans are the weakest link in every security system, and with good reason. There have been plenty of instances in the past when, despite the most technologically advanced cryptographic systems being in place, adversaries have been able to penetrate the security simply by deceiving the people managing the system. Social engineering is the term used to label such attacks. It often involves various cunning tricks, such as impersonation, to con a person into divulging sensitive information that would otherwise have been nearly impossible to extract or obtain.

Even without the threat of social engineering, cryptography can, at best, only protect your data after you have scrambled it. Since information usually does not start out encrypted, there is always a period of time during which your data remains unprotected and open to interception. Similarly, cryptography ceases to protect your information once your recipient has received and decrypted it. Through pure oversight, sensitive information might fall into the wrong hands at the wrong time. One could also leave the secret key (required for decrypting the scrambled message) carelessly lying around for an intruder to steal and exploit. Or, worse still, one could accidentally give it to the wrong person!

Thus, regardless of how expensive and foolproof any cryptographic technology might be, one has to realize that data security is as much a people and management problem as it is a technology problem. Before putting blind faith in a cryptographic system, it is imperative for every one of us to ensure that we don't allow intruders to exploit this weak human link. This only serves to highlight the importance and role of the human element in implementing completely secure cryptographic systems and solutions.
