Security, Separation and Risk

If you could have anything you want in the whole world, what would you wish for? On the count of three I want you to say it out loud. Ready?

One–

Two–

Three!

You said “Better cybersecurity.” I know you did. Everyone always says that. And let me tell you why the security fairy won’t grant you that wish.

Wait, before I tell you, because this matters, answer this question:

“Does making something harder to get make it more secure?”

Think about Indiana Jones and his temples of traps he needs to dodge through to get the idol. Does that make the idol more secure?

Or the riddle you need to answer correctly to cross the bridge. Does that make access over the bridge more secure?

Or having to select all the squares with street signs in that oh-so-annoying CAPTCHA wannabe just to tell someone on the Internet they’re wrong. Does that make the comment section more secure? Or the Internet a happier place?

Let me be more concrete. If you add more and different types of characters to passwords and increase the length of encryption keys, does THAT increase security?

And if it does, then shouldn’t hiding and obfuscating also make things more secure than not doing anything at all? So some would say no. Many would say that’s obscurity or like it and therefore not really security, not actually protecting stuff, just–

Just what?

Making something harder to get does shrink the pool of potential, successful attackers. Which, to those of you wearing your big auditor’s pants, know it reduces risk.

So does making something harder to get to make it more secure?

I have to admit that I struggle with that particular question. I also struggle with the point of adult tap-dance auditions so bear (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Pete Herzog. Read the original post at: Cylance Blog