Security - The Myth of Secure: Achieving Security, Not False Assurances
It’s no surprise that many people today place a high priority on security. In light of the increasing number of data breaches and cyberattacks, it’s no wonder so many people worry about protecting their information. As it turns out, there are still some misconceptions about what “secure” really means. Despite the obvious need for improved security, many people still don’t understand what it takes to achieve true safety, leaving them vulnerable to malicious activity.
The word “secure” is often used figuratively, as if it were something that could be obtained and held onto forever. In reality, secure is a verb, not a noun. You can secure something, but it cannot be considered “secure”. For example, an organization might invest in the latest firewall technology and encrypt its data, making its systems “secure” for the moment. However, if it does not monitor for threats and update its systems with the latest security patches, its data is not truly secure. I believe it is an extremely important distinction to understand even though it may seem like splitting hairs.
As the famous American author, lecturer, and political activist Helen Keller once said: “Security is mostly superstition. It does not exist in nature.”
In order to protect something from harm or theft, protective measures must be taken. It is imperative to stop thinking of security as a done deal. Our approach needs to change from a reactive posture to one of continuous risk assessment and mitigation. This will help to ensure that our systems remain resilient in the face of emerging threats. Security must be viewed as a continuous process because threats continuously evolve. As we assess risks, we should develop strategies to mitigate them, rather than rely on outdated security measures. By doing so, we can ensure that our systems remain safe and secure from threats.
In the same way that a train gathers speed as it moves down the track, computer crime increases as technology advances. Without adequate cyber security measures, a successful cyberattack could cause catastrophic damage. Colonial Pipeline, for example, was forced to close its operations as a result of a recent ransomware attack. Consequently, there were shortages of products and fuel prices skyrocketed throughout the United States. Moreover, cybercrime has increased 300% since March 2020, with more than 4.7 million incidents reported in the USA in 2020 (compared with 1.5 million in 2010).
As a result, we cannot become complacent when it comes to our security practices, since new vulnerabilities appear every single day. We need to take these emerging threats into account in order to keep our systems up to date with the latest security protocols and technologies available on the market today.
Whether it is an individual computer or a network, you should evaluate a system’s security in terms of both its technical capabilities and its socio-technical aspects. The socio-technical aspects include user access control policies and employee awareness programs that teach users how to behave responsibly online (for example, creating strong passwords and using two-factor authentication). It might seem like a daunting task, but fortunately, tools are available that can assist in streamlining this process. For example, penetration testing tools can be used to simulate cyberattacks in order to identify potential vulnerabilities in systems before malicious actors are able to exploit them. This reduces risk exposure.
These concepts are critical for all those involved in managing any kind of system: developers should ensure they know best practices when coding applications, and IT professionals should ensure their networks are monitored for suspicious activity, internally (by employees) as well as externally (by malicious actors). Furthermore, organizations that manage sensitive data (such as financial institutions and healthcare providers) need to develop processes that enable them to detect intrusions quickly so that they can take action before damage occurs. Otherwise, they may face hefty fines from regulatory agencies for failing to comply with GDPR, HIPAA, and similar regulations that are set up by government agencies like the FTC/FDA. For example, Equifax was required to pay up to $700 million in fines and monetary relief to consumers over a 2017 data breach that affected nearly 150 million people.
As we discuss “security”, we need to remember that it’s not static. It’s constantly evolving as technology advances and as social factors such as user behavior and culture change. In order to remain ahead of those trying to exploit them digitally, companies need to adjust their approaches accordingly. Ultimately, security should always be viewed as a verb rather than a noun, because only then will organizations realize the importance of taking proactive measures to protect their data and assets against the potential risks in today’s ever-changing environment.