The Wonderful Strategy of Threat Tolerance

Has anyone else noticed that the new cybersecurity slogan seems to have become “it’s better to be lucky than secure”? It used to be “security is a process,” which lasted as long as businesses thought that cybersecurity would be something that gets them out of a jam.

But when they realized that all the money and resources they put into it didn’t always pan out for them 100% of the time, they decided to go with a risk strategy instead. Which basically ended up being let’s do the bare minimum we can get away with in order to keep our customers happy and just hope that nobody picks us as a target.

Now I’m all about luck. I love it. I love it when I find a few bucks on the street. I love it when the car actually misses me when the driver loses control. I love it when the raccoon chooses my neighbor’s garbage cans. I love it every time I win the lottery.

As a sophisticated purveyor of fortunate incidents, however, I am disproportionately reluctant to admit that my good fortune is often the misfortune of someone else. “Hopefully the attacker gets caught and not my family – fingers crossed!” And I manage that issue by not thinking about it – which, by definition, is a solid risk strategy. And it’s one that’s been sweeping the globe.

While you, my cybersecurity brethren and sisthren, were homing in on how to convince the business overlords to apply more cybersecurity to All of the Things (AotT), those very overlords decided that ‘good-enough’ security is when they wake up every morning in their gazillion thread-count Antarctic cotton sheets and see that luckily, nobody broke in yet. Phew! And if they did, well, maybe they didn’t find anything they liked and ...

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Pete Herzog. Read the original post at: https://threatvector.cylance.com/en_us/home/the-wonderful-strategy-of-threat-tolerance.html