This is a very plain blog with quotes from and links to articles I found interesting, thought-provoking, or relevant to the times. Linking is neither endorsement nor condemnation. Run by http://willslack.com
29 August, 2016
We Need to Change the Psychology of Security | Motherboard
Why do we put up with all this noise? Why don’t we just tune most of it out? FOMO, or Fear of Missing Out, is the fear that we might miss something, or the feeling of regret that comes afterward. I don’t know if this is the real cause, and I’m no psychologist, but I’ve seen it anecdotally during penetration tests:
-“What do you want me to look for, or focus on?”
-“Uncover everything. We want to know everything that’s wrong.”
This seems like a noble approach — responsible even. In reality, it sets an impossible standard that few, if any, defenders will achieve.
How bad is the problem? Independent analyses of the Target breach discovered that Target’s systems successfully detected the criminals several times during the attack. Most of these alerts weren’t seen until long after the attackers stole the payment data. None of them were acted upon. This is par for the course as data breaches go.