Schneier: People more important to security than processes

Staff cannot be taken out of the loop when it comes to incident response during a security breach, according to security expert Bruce Schneier.

In a keynote speech at this year's IP Expo in London, the chief technology officer of incident response vendor Co3 said that technology needs to serve employees and these employees need to be in charge.

He said protection and detection can only go so far and that security breaches were inevitable because users have "lost control of our data as a result of using cloud computing and consumer devices".

This meant that incident response has come to the fore, as protection is not perfect.

He said that while security was "not a product but a process" in the nineties, it has now become both and the ratios have changed to the point where people don't help with security.

But while he praised the introduction of automatic updates to "get people out the loop", it is difficult to completely eradicate them from the incident response process.

"You cannot automate incident response. Incident response has to be different because you have intelligent buyers," he said. "It is a fundamentally different process."

Schneier, who is also a Fellow at the Harvard Law School's Berkman Center, said that in the security industry, people need to build, make and use tools to get inside what he called the "observe, orient, decide and act loop".

"In incident response this is failing," he added. "We need to do better and we can do better than the hackers and use tools that aid people."

But Schneier added that security was a "lemons' market" like used cars and this made it difficult for buyers to tell good products from bad ones.

He said: "Bad products outnumber good products because the consumer knows less about them than the sellers."

Schneier added that buyers now rely on certifications and awards rather than quality products, and will continue to underspend on security until something bad happens.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.