A Musing: "InfoSec, this is Medicine. Be more like Medicine."

Image Source: TTGTmedia

I stumbled across this image while I was scrolling down my LinkedIn.

This is the kind of thing that all information security professionals, from lowly analysts to chief information security officers, have been hearing for decades. Plausible deniability is a huge problem in information security... and it's a function of The Tech Effect.

People don't want to know about the millions of ways they, or their company, or their nation are vulnerable. Why? Because if they know what's wrong, then they have to fix it. And it's not something they can fix themselves, which means... you guessed it: fixing it costs money. Probably a lot of money. (There's a reason they say "ignorance is bliss.")

Right now, information security is like lung cancer: people know it's a possibility, and they know they're not feeling great, but they avoid going to the doctor because confirming what they suspect makes it real, and there's nothing they can do to fix it. If they can afford it, they can pay for some expert to provide them with a "solution," but it will be expensive and painful and it might not make a huge difference. 

But lung cancer isn't transmissible, and ransomware is. If we as a society are going to combat it, we have to start thinking about it a lot more like the flu: something familiar that happens to everyone, with known symptoms, causes and treatments that your average person can handle. We're never going to get enough digital doctors to keep everyone in the technology ecosystem safe and healthy; people have to take care of themselves. It'll take education, training, and cheaper, simpler security solutions for average people to purchase (like over-the-counter medicine). But security won't work until it works for everyone.

~Ariel Robinson, Host, The Tech Effect