It’s often said that humans are the weakest link in security and that social engineering is easier than hacking. This is true, but there’s another facet that isn’t discussed enough: when security design causes friction, the system deteriorates and gaps open up over time through user action (or inaction).
Great security solutions rarely fail on technical merits, but rather on human ones. However, it is possible to avoid this with security design which focuses on usability. The two — security and usability — do not need to be opposing forces.
We’ll cover several aspects of this topic:
- Security is usability to avoid cybersecurity erosion
- Why do we care about cybersecurity erosion?
- What are some design choices to mitigate cybersecurity erosion?
- What are some real-world examples of solutions that add cybersecurity erosion?
- Actionable takeaways