Multiplying by Zero: Humans & Digital risk protection

Ankush Johar
May 16, 2020

In any ‘multiplicative system’, if you multiply by zero, you don’t need to be a maths genius to know that the result is ‘Zero’.

In an ‘additive system’ it’s different: you add ‘zero’ and the values don’t change.

Something all engineers learn very early on is that a system is no stronger than its weakest link. Let’s take the example of a backend system that houses critical customer data for an insurance company (customer contact information, type of policy, renewal dates, etc.), and say this system is manned by humans (which it is). Now let’s say that we put multiple security controls in place (which we do), and one of the people operating this system falls prey to a ‘silly’ phishing attack. All the security controls deployed are nullified to ZERO!

It does not matter that all the security controls were in place; what matters is that the data was lost despite them, because of the human element. The human cannot be blamed, because the business did not invest in fortifying the ‘human operating system’.

Not investing enough in fortifying the ‘Human Operating System’, or the ‘HumanFirewall’ as we call it, is like multiplying all your cyber investments by Zero.

Wouldn’t you say?
