5 examples of security theater and how to spot them

Is your organization guilty of any of these security measures that don't really do much to protect data or systems?

Security theater. Cargo cult security. Pick your favorite metaphor. They both mean the same thing: hand-wavy "OH MY GOD WE'VE GOT TO DO SOMETHING" even if the something in question does nothing to improve security, costs insane amounts of money, and wastes everyone's time and energy.

Bruce Schneier, the well-known security expert, coined the term "security theater." His inspiration? The US Transportation Security Administration (TSA). Wasting billions of dollars a year on pointless and invasive airport screening post-9/11 satisfied our emotional need to do something but did not, and does not, make us any safer.

Likewise, cargo cult security is more common in cybersecurity than you might think. The Polynesian cargo cults were newly discovered South Pacific tribes who were so awed by airplanes, and the Western food that arrived in said aircraft, that they built life-sized model airplanes out of sticks, thinking doing so would bring more food. Are you so much smarter? Maybe not. Today technology is so advanced that we are all cargo cultists in one way or another. Going through the motions without understanding the "why" creeps quickly into cargo cult territory.

Finding and eliminating security theater and cargo cult security in your organization can be the difference between preventing a business-destroying data breach and staying afloat until the pandemic is over. Here are some dramatis personae to look for in your security budget.

Bad security awareness training
