Why humans are not the weakest link in the cybersecurity chain


12 Jul 2023


The latest episode of For Tech’s Sake features cybersecurity expert Brian Honan, who said it’s the tech players who need to take more responsibility for keeping us safe.

While AI has been making a new wave of headlines in recent months, cybersecurity breaches and attacks have been a mainstay for several years now.

Many major tech companies, along with organisations in other industries, have suffered major data breaches, from Meta, formerly Facebook, to Marriott Hotel Group.

But the Covid-19 pandemic saw a particularly aggressive surge of attacks across the world, with several notable incidents, including the Colonial Pipeline attack in the US and the HSE cyberattack in 2021, which is estimated to have cost the Irish taxpayer more than €100m.

And the growing cybercriminal industry shows no signs of slowing down, with more recent attacks including the MOVEit hack and a major attack on the UK’s NHS – the second in a year.

Amid all these stories are others about cybersecurity preparedness and whether or not people are properly trained to spot phishing attempts or unusual activity that may signify a hack.

Time and time again, human behaviour is considered to be the weakest link in the chain and the one we need to pay the most attention to, the area we need to strengthen to ensure no more data breaches or cyberattacks occur.

However, what virtually all cybersecurity experts agree on is that it is impossible to prevent all cyberattacks and breaches – it’s never a case of if, but when it will happen.

But one expert – Brian Honan, who has advised Europol’s Cybercrime Centre along with several innovative security companies – hates the idea that humans are the weak link.

Speaking on the latest episode of For Tech’s Sake, he said that train of thought essentially blames the victim.

“If you look at any of the research reports that are out there on breaches, you’ll find that a lot of breaches were actually detected by people and prevented by people,” he said.

“I would argue that people are our best defence if they’re properly trained and they’re properly aware.”

He also said that if a company’s infrastructure goes down simply because someone clicked a suspicious link, then those leaders have to question what other defences they had in place.

“Email is designed to work the way it is. It’s designed for us to send attachments, it’s designed for us to send links. If we were to make email secure, it would be unusable,” he said.

“We have to make the products more robust, more resilient, more reliable and more secure, and not rely on somebody who has had, if they’re lucky, a half-hour lunch-and-learn presentation on ‘how to stay safe online’ given by their company.”

Check out the full episode with Brian Honan wherever you get your podcasts and subscribe for more.
