Weakest Link

Of all the security measures we formulate, design and implement on the three core pillars People, Process and Devices , I feel the security breach or data leak happens with the weakest link which is so called PEOPLE...Here I share a story of it which was narrated by my friend..

Of all the data the interested parties take to make a background verification is some how compromised by using the key data as password to open the Gym/Laundry room which at the first stage using the wrong key...these kind of data is shared easily among well trusted people which in turn was used by a eavesdropper to use the data and call the bank to re-issue the Credit Card which was done as they verified only the last 4 digits, no secondary check or multi factor authentication and the card was issued to the newly mentioned address...with the new card in hand the masked user exploited financial benefits...all these happened when the actual user was out of country..knowing the facts on his return, he filed a complaint which was traced back and able to catch fake purchaser..

So with many controls/security measures which are in place still the fraud happened because of two things--- using the very prominent key data as passwords for public places and absence of any secondary check and activating all updates/transactions/issue of card only based on last 4 digits to believe they who they claim to be...above all the person's individual responsibility to handle his own sensitive data...

Humans are the most vulnerable than any software/process, making a self pledge of securing resources and data is the responsible of every one which can't be confined to a class room training or audit report, it is a practice which everyone should follow...

Security is a practice not an option...