With security at the forefront of everyone’s minds, you should exercise caution when reading about new problems. Headlines can be deceiving; always read the article.
Recently, an article was written about a potential security problem with a specific piece of hardware. The headline was enticing and, if true, gut-wrenching. Upon reading the article, it became clear that while there was a security problem, it was not of the magnitude the headline suggested. In fact, the problem would still require a bad actor to have physical access, years of knowledge and a lot of money to crack. As tech experts, we can read those articles and understand how big an issue really is. But many who are not tech or security experts would likely read the headline and fear the problem based on the headline alone, driving them to choose a different, possibly inferior, security method. That got us thinking: what is the purpose of the sensationalism of security?
Every business leader knows that security needs more attention. If they didn’t know that before the pandemic, they certainly do now. Security must be monitored and updated and patched. It must be written into the code of all features and products offered to customers, because if it isn’t, then that business is on the hook for any information that is stolen. More and more businesses are seeing the repercussions faced by Capital One, Boeing, Twitter and others for not being compliant or for fraudulent reporting. No business wants to be in the news for this reason!
The problem is that, because higher-ups are starting to pay attention (at least a little, we hope), journalists and media outlets will try to bait people in with bloated headlines. It happens in every industry, for various reasons: entertainment, sports, finance, etc. Whatever the hot-button topic is at that moment, they are doing everything they can to get those clicks. The more clicks they have, the more ad revenue they generate. Right now, the hot-button topics in technology are security, digital transformation, AI and ML. Only one of those has real dramatic gravitas.
For example, if you read a headline that said, “Open-Source Code Contains Malware,” it’s likely you’d tell your developers to stop using it. But if you opened the article, you would learn that really all that needs to happen is a thorough review of all code taken from open-source platforms. Not all code is infected with malware strings, and there is a specific place you can look to find the current known problem areas. From there you can determine if you use that code. We advocate for reviewing open-source code regardless because it’s something developers regularly use to do their jobs. But the vast majority of open-source code does not contain malware.
Security is, by definition, an attempt to stop something that may be inevitable and always has been. But that doesn’t mean we should dramatize that fact. This is a true statement: “Every password can be cracked.” However, for many passwords, especially ones longer than 24 characters, it would take eons [the planet may not be here, let alone your Spotify account] to do. Think about it: there is no lock on this planet that cannot be broken with the right amount of time and resources. Locks on safes and locks on security doors like the ones they have in the Oval Office are all ranked. They are ranked by the amount of time it takes to break that lock. You can read about the rankings for both mechanical and electric locks here. But this just proves that every lock can be broken given the right amount of time. And that is okay. Nothing is foolproof; that is the deep irony of the Titanic.
This is why it is important that your security have layers and depth, and why we say to hire or consult an expert anytime you’re doing something with security. When a business leader reads a headline designed to attract clicks, but doesn’t actually read the article, it can lead to poor decision-making because not all of the answers are there.
Media outlets are just like every other business in that they are in business to make money. Yes, they want to report the news and keep people informed of what’s happening in the world, but their primary goal is to make money. The best way to do that is to sensationalize current trends so that links are clicked and revenue is generated.
Don’t fall for the sensationalism of security! Understand that nothing, not one single thing that needs security on this planet, from physical homes to personal data, can ever be 100% protected. Data security requires depth, layers and different tools designed to catch different attacks. No one tool can do it all, and as long as you have the proper protocols in place, if something fails then another system should pick up the slack. Yes, it’s complicated, so bring in an expert to help you understand how it all works, show you how to keep it going and educate your team on potential issues that could happen.