I don't even think it's a case of people being stupid, I've seen it many times in big companies where IT creates policies and rules and implements solutions to protect their data, but they're focused on their perspective, not on making it simple or easy.
So Joe in Accounting or Steve who's on the road all the time or Alice who wins $10M deals but can't program her VCR all are focused on doing their jobs and aren't given the time or resources to jump through all the hoops IT makes. Instead they do whatever they can to get what they need when they need it, which often times involves subverting or circumventing the hoops.
Almost every Fortune 500 company has been hacked. I think less because people are stupid and more because security and productivity are often mutually exclusive, especially if the people implementing the security don't take people into account in designing their solution.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|