BNMC Blog


Not All Cybersecurity Efforts Work to Keep You Secure

There are many security buzzwords that come into play when the technology available to help secure a business is discussed. The problem is that many of these buzzwords sound great but are actually very poor fits to the real needs of most small and medium-sized businesses. Let’s consider how these buzzwords play into the concept of “security theater” and how this can impact businesses negatively.

“Security Theater”

Coined by cybersecurity technologist Bruce Schneier in the early 2000s, “security theater” describes any security efforts that make one seem more secure but, despite the costs associated with them, do very little to enhance security in the practical sense. The concept relies on the notion that security exists in two forms: the emotional feeling of being secure, and the quantifiable mathematical and scientific improvements that one can make to their protections.

For an example, let’s look to a personal anecdote that Schneier shared in a 2007 blog article.

In this article, Schneier shared an observation from his visit to the maternity ward after a friend’s child had just been born. The infant had been outfitted with an RFID tag bracelet, the cited purpose of which was to prevent infant theft.

However, at the time that Schneier visited the ward, infant abduction was remarkably rare.

This led Schneier to hypothesize that the bangles weren’t adopted as an actual security measure, but instead as a performance of security theater. By “protecting” an infant against “abduction,” the new parents could spend a few moments away from their baby without too much worry.

Let’s review the hospital anecdote. While they certainly weren’t free, the tags that were used to “track” the infants were available at an extraordinarily low cost. As a result, making the investment to mitigate an incredibly unlikely issue was considered more acceptable, because it improved the experience of the parents.

Schneier also cites an even more recognizable example: the tamper-resistant packaging that was introduced on over-the-counter medications in the 1980s. Poisonings were getting a lot of attention in the press at the time, and despite the statistical likelihood of an actual incident being so low and the tamper-resistant packaging not being all that tamper resistant, the impression it made was thoroughly positive.

This is because, in both cases, the performance of security theater helped to make the perceived threat level more in line with the actual threat level. Of course, while the benefits that security theater can offer are very real, so are the costs of putting on such a show.

Is Security Theater Worth the Price of Admission?

I want you to consider a very real potential outcome of these kinds of displays: what if the piece of security theater you invest your money in is actually making your real security measures less effective?

Consider what happened to Target in 2013. The company was hacked when their security teams overlooked the warning signs of a breach as they were buried in a deluge of other notifications. Let’s dive deeper into the threat of “overacting” in your security theater, starting with the situation that Target created.

Too Many Alerts

I want you to consider what happens when your company chat is a flurry of activities that ultimately don’t involve you. Eventually, you tune out the notifications to try and stay productive, right? The same thing happens with your security notifications if there are far too many of them that ultimately mean nothing. As a result, you and your team will gradually stop paying attention to them, allowing the actual threats to come in. Recruiting an MSP to assist you can help sort out these notifications, with the real threats attended to and interruptions minimized.

Too Many Password Changes

Password security is important, but believe it or not, there are some measures that are more counterproductive than anything else. Take, for instance, monthly password updates. With these requirements forced on them, your employees may resort to password patterns or keep a written note of their passwords to keep track of them all. It is better to instead use a moderate password policy and supplement it with options like single sign-on and multi-factor authentication (MFA).

Of course, passwords should be changed sometime down the line, but you have to be sure that you aren’t driving your employees into bad habits.

Insufficient User Awareness

One of the biggest reasons that user vulnerabilities are such a serious cybersecurity issue is that many users don’t know any better, as they were not effectively trained to respect cybersecurity policies. Rather than including their team in regular security-based training forums, many companies will instead devote an afternoon to a long, ineffective lecture.

BNMC has the means to close the gap between your security theater and your functional security. To learn more about the solutions we can offer, reach out to us today by calling 978-482-2020.

 
