Security,
Tactics and Defenses
Note:
This post is NOT about sex or porn, not really, but kinda, but no…
So, was listening to Paul’s Security Weekly podcast
(@securityweekly) and they were talking about vulns and rankings and how they
affect companies, and how CVE rankings aren't always relative to a company’s
security policies because there’s no one size fits all method for a particular
organizations. So I had this idea about
how security vulns relate to different organizations and how different diseases
relates to the human body. I almost didn’t write this because Paul said he
hated the medical references, but then he brought up a plot line from CSI:
Cyber and I felt better about it…
So, much like was discussed on their show, not every
company is vulnerable to every exploit out there, no matter how severe. Much
like, if you’re a non-smoker you’re mostly not going to get lung cancer,
although this is not always the case, but the odds are easily relatable. However,
on the flip side, if there is a new virus out there, both companies and people
can be affected by it (no, I didn't mean that the same virus can affect
computers and people, so just stop that). Here are a few examples, you can run
with it as you wish.
Case 1: Let’s say we have two people, Person A’s family has
a history of heart disease and person B’s family doesn't have any history in
their family of heart disease. Now, since person A knows this information, they
pay very close attention to how they eat, going to regular doctor visits and
exercising so they reduce their risks that they know they could potentially
cause problems. This is a great security practice for an organization because
they have identified that they could have issues if they just do nothing. But
person B, not having a history of this issue, doesn't worry about all these
preventive measures and just does what they want to do, eating everything bad
for most people, blowing off doctor visits and being a couch potato.
In this example we have two people with varying risks
practicing very different strategies. One person has identified the risk and
are actively working on mitigating that risk, while the other person doesn't have the same risk, but they’re not taking into account all of the other
outlining circumstances that could potentially have devastating impacts. In
truth, both are still very vulnerable to heart disease. Even though person A
has been actively trying to prevent having a heart attack, they can still have
one but even if they do, they’re body is still more prepared for the aftermath
because they were prepared. Now if the same thing happens to person B, they
will more than likely be surprised and, more to the point, their bodies will
not be strong enough to recover from such a traumatic event. So, even though
you might not be vulnerable to a particular disease, you still can’t completely
ignore the possibilities.
Case number one was very specific, so let’s take a look at
case number two.
Case 2: Viruses.
They can potentially affect everyone, no matter what you
do, especially if you do nothing! But let’s just say that different people do
different things to help prevent getting sick from viruses and yet we all still
get sick at some point in our life, because that is a fact of being a human
being. It might be something we did or didn't do, something we didn't think
about or just by dumb luck. However, how often we get sick and how well we
recover is directly related to the things we do to prevent getting sick to
begin with, wouldn't you say?
Let’s say that person A always makes sure they take their
vitamins and they are trying to be healthy but one day they catch a bad bug.
Now, since they thought they were safe because of all of their preventative
measure, when they actually do get really sick, they don’t have any remediation
medicines in their house to take to help reduce the impact of the infection and
in the end, have to go to the doctor to get medicine to help them recover.
Now let’s move to person B, who doesn't really do a lot to
prevent catching a bug, but when they do get one, they have a whole plethora of
medicines in their household to help them recover from the virus without having
to go to the doctor? The answer is simple in this case, both methods combined
are the true path to take. You should always try to not get sick, but not to
the extreme, just like you shouldn't take any preventative and just be prepared
if you do get sick. In this case, you should try to make sure you’re being
healthy but always know and be prepared that you will probably get sick and
have a plan when/if you do.
So, now let’s all go out there and be smart and healthy,
but not naïve!
