What the FUD?

Real solutions to security problems aren't going to work because of fear tactics

fear bw version 000002189637
Credit: iStockphoto

From password management tools to data loss prevention and VPN solutions, many security companies are making fantastic claims that they have the magic elixir of security solutions. Yet, anyone who knows security understands that there is no silver bullet.

For the record, defenders of information security are doing a rock solid job preventing major catastrophes from happening, but they can't possible guarantee 100 percent security. So, for those who are doing their due diligence and evaluating their overall security posture, looking at the infrastructure and ecosystem to determine what works and where the gaps are, kudos to you.

That is the kind of action that will better defend your environment. Those in the industry who prey on the fear and uncertainty of security practitioners, well shame on you. Technology has evolved so quickly and so expansively that everyone relies upon connected tools for almost every aspect of their lives, both in and out of the office.

It's easy for people to get caught up in the fear of the vulnerabilities that can exist within all of our devices, but is it realistic? Certainly, there are days when I feel a little like James Comey, FBI director, who said, "I saw something in the news, so I copied it. I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera."

Sure, as I sit here, my eyes flutter back and forth between the screen and my laptop camera. I'm often aware of the reality that some bad actor could be lurking on my device, taking control of my camera. But do I need to be that paranoid person?

My antivirus provider tells me no. At some point, I have to relinquish myself of the fear, uncertainty, and doubt. So, too, should you. I'm not suggesting that security practitioners rest on their laurels and play solitaire instead of monitoring their networks, but for the love of Pete, don't spend your precious resources on products just because you are afraid of being the next name in headlines.

I know that it is easy for me to say because it's not my job on the line, but in this maliciously fueled time of using cyber to exploit political candidates and reveal personal secrets, it's easy to get caught up in the paranoia. But, it also doesn't escape me that I am only one individual whose vulnerabilities are limited by my own personal devices.

I can't imagine the pressure that security practitioners feel on a daily basis, overwhelmed by alerts, tempted by promising solutions, afraid of losing their customer data--or even worse--their jobs.

My kids are young, and I often engage in the internal argument of whether I should allow them to play outside unsupervised in our fenced in backyard. A friend once asked me, "What are you afraid of?" There are two things. One, their getting hurt and my not being able to get to them fast enough. Worse yet, I am terrified that someone will kidnap them right from under my nose. 

Those fears, fired by the uncertainty of the moral compass of others and the doubt that I can trust every person who passes by, are no different from the fears that keep security practitioners awake at night. But that doesn't make the threats real.

"Statistically, the numbers just don't add up," my friend responded.

That's a comforting thought befitting my concerns and yours. At the end of the day, there isn't much more I can do than trust that my children are safe inside the protected environment I've built for them. 

Cybersecurity market research: Top 15 statistics for 2017