Laziness is the Biggest Barrier to Information Security, Expert Says

There’s a major barrier to improving information security: People are too lazy. At least that’s what one industry watcher thinks is the real reason. People just can’t be bothered to do what it takes to improve security.

In a new column on the CSO Online website, Scott Berinato gives his opinion on the state of IT security, and says we’re just too lazy to do what it takes. “I like to use [this] column for broad contemplation at the start of each new year,” Berinato says. “This year I’ve been ruminating on a major barrier to improving information security: You're lazy.”

Berinato gives an example. If banks said they can decrease chances of being hit by fraud or identity theft for free by simply not allowing people to shop or bank online, security would be drastically improved. However, we’ve all grown accustomed to these conveniences; therefore we wouldn’t give up our online shopping and banking.

But Berinato says convenience’s benefits aren’t that simple. “We’re actually hooked on a specific kind of easy called instant gratification, which has a strange way of making us overestimate the benefits we get from being lazy,” he says. “It makes us think that what’s easy right this second is easier than something that might require a little work right this second.”

Even other, fairly simple security solutions might not work, he says. “One security researcher, who knows how serious online risks are, has adjusted his behavior so that he uses two browsers—a “promiscuous” one for general Internet use, and a “safe” one for transactions,” Berinato writes. “Can you imagine doing that? In the context of the risk, it’s a minor inconvenience, but still, it’s an inconvenience. Two browsers? No way. You’re lazy, and so am I.”

To read the full article, click here: http://www.csoonline.com/alarmed/