Saturday, May 16, 2015

STD’s


Security, Tactics and Defenses

Note: This post is NOT about sex or porn, not really, but kinda, but no…

So, was listening to Paul’s Security Weekly podcast (@securityweekly) and they were talking about vulns and rankings and how they affect companies, and how CVE rankings aren't always relative to a company’s security policies because there’s no one-size-fits-all method for a particular organization. So I had this idea about how security vulns relate to different organizations and how different diseases relate to the human body. I almost didn’t write this because Paul said he hated the medical references, but then he brought up a plot line from CSI: Cyber and I felt better about it…

So, much like was discussed on their show, not every company is vulnerable to every exploit out there, no matter how severe. Much like, if you’re a non-smoker you’re mostly not going to get lung cancer, although this is not always the case, but the odds are easily relatable. However, on the flip side, if there is a new virus out there, both companies and people can be affected by it (no, I didn't mean that the same virus can affect computers and people, so just stop that). Here are a few examples, you can run with it as you wish.

Case 1: Let’s say we have two people. Person A’s family has a history of heart disease and person B’s family doesn't have any history of heart disease. Now, since person A knows this information, they pay very close attention to how they eat, go to regular doctor visits and exercise, so they reduce the risks that they know could potentially cause problems. This is a great security practice for an organization because they have identified that they could have issues if they just do nothing. But person B, not having a history of this issue, doesn't worry about all these preventive measures and just does what they want to do, eating everything bad for most people, blowing off doctor visits and being a couch potato.

In this example we have two people with varying risks practicing very different strategies. One person has identified the risk and is actively working on mitigating that risk, while the other person doesn't have the same risk, but they’re not taking into account all of the other outlying circumstances that could potentially have devastating impacts. In truth, both are still very vulnerable to heart disease. Even though person A has been actively trying to prevent having a heart attack, they can still have one, but even if they do, their body is still more prepared for the aftermath because they were prepared. Now if the same thing happens to person B, they will more than likely be surprised and, more to the point, their body will not be strong enough to recover from such a traumatic event. So, even though you might not be vulnerable to a particular disease, you still can’t completely ignore the possibilities.

Case number one was very specific, so let’s take a look at case number two.

Case 2: Viruses.
They can potentially affect everyone, no matter what you do, especially if you do nothing! But let’s just say that different people do different things to help prevent getting sick from viruses and yet we all still get sick at some point in our life, because that is a fact of being a human being. It might be something we did or didn't do, something we didn't think about or just by dumb luck. However, how often we get sick and how well we recover is directly related to the things we do to prevent getting sick to begin with, wouldn't you say?

Let’s say that person A always makes sure they take their vitamins and they are trying to be healthy, but one day they catch a bad bug. Now, since they thought they were safe because of all of their preventative measures, when they actually do get really sick, they don’t have any remediation medicines in their house to take to help reduce the impact of the infection and, in the end, have to go to the doctor to get medicine to help them recover.

Now let’s move to person B, who doesn't really do a lot to prevent catching a bug, but when they do get one, they have a whole plethora of medicines in their household to help them recover from the virus without having to go to the doctor. The answer is simple in this case: both methods combined are the true path to take. You should always try to not get sick, but not to the extreme, just as you shouldn't skip all preventative measures and only be prepared for when you do get sick. In this case, you should try to make sure you’re being healthy but always know and be prepared that you will probably get sick, and have a plan when/if you do.


So, now let’s all go out there and be smart and healthy, but not naïve! 
