
The Real Reason the Human is the Weakest Link

Computers and mobile devices store, process, and transfer highly valuable information. As a result, your organization most likely invests a great deal of resources to protect them. Protect the end point and you protect the information. Humans also store, process, and transfer information. Employees are in many ways another operating system -- the HumanOS. Yet if you compare how much organizations invest in securing people with how much they invest in securing computers and mobile devices, you would be stunned at the difference. Let's take a look. To protect an end device, organizations typically invest in the following:

  • Anti-Virus Software
  • Patching Infrastructure
  • VPN Solution
  • Host-Based Prevention System
  • Two-Factor Authentication
  • Vulnerability Scanning
  • End-point Encryption
  • Log Monitoring

Go down that list and add up the cost for each computer. Then add support contracts, help desk phone calls, and how many FTE (Full-Time Employees) it takes to maintain all of this technology. You probably end up spending $100 a device, $200 a device, or perhaps even more. Now, go through the exact same process and determine how much you are investing in securing your employees. How much per person? Hear those crickets chirping? Your organization is most likely spending 10x to 20x the time and resources securing technology as it does securing the HumanOS. If determining the dollar amount for each computer becomes too complex for you or your organization, try a simpler metric. Count how many people you have on your information security team. Now, out of all of those people, how many focus on securing technology, and how many on securing the HumanOS? You will probably end up with a very similar metric, something like 10-1 or 20-1. And organizations still wonder why the human is the weakest link.

Technology is important, and we must continue to protect it. However, at some point you hit diminishing returns. We have to begin investing in securing the HumanOS as well, or bad guys will continue to bypass all of our controls and simply target the human end-point.

[Image: computers vs. humans]

BIO: Lance Spitzner is the training director of SANS Securing The Human program. His job and passion is helping organizations around the world build high-impact awareness programs. To learn more or download free resources visit the Securing The Human website.


I do see where you're getting with the fact companies invest more into technology than employees, particularly in protection. But what do we need to be protected from? We protect computers from hackers because their information can be stolen. Hackers can't get into our heads (at least not yet). Computer viruses harm computers just like a normal one does to humans, but many companies provide health insurance for such a purpose.

Computers are less capable than people, which is why they need to be cared for so much. They don't know when to turn on and off, who to trust and who not to, what lines of code are malicious or not. They just take orders blindly, with the only restrictions being the ones programmed by an administrator.

Computers are designed to work with humans. People often perform their jobs with a computer. If the computer is broken or compromised, we work less efficiently or not at all. Yes, we have become dependent on computers. But they are not better than humans.

Humans can think for themselves. We can make judgement calls. We don't need to be babied and when we are, most people complain and feel smothered. When people require more from an employer, they quit or go on strike. Unions were formed to force employers to provide better benefits or working conditions. Perhaps when AI reaches a level of being human-like, computers can also be self-sufficient and require less protection.

