What began last week with a call for a new set of security attributes now continues with a fleshing out and update of our thinking regarding one of the key security constituents: vulnerabilities.
In his latest mega-post, you'll find some cyber security truth telling that's as much psychology as technology. With Sigmund F staring you down, one arm akimbo, the other hoisting a cigar, Jack begins with a consideration of how much emphasis our society places on identifying and remedying personal weaknesses of all kinds, and the effects thereof:
... most people overreact to their personal insecurities, and even those imaginary weaknesses can create wholesale changes in behavior.
And then quickly pivots to the cyber security realm:
Once we switch tracks to begin the discussion of vulnerabilities within software or systems, our nature somehow changes. We stop compensating and obsessing, and begin the easier tasks of ignoring and rationalizing. We do not treat vulnerabilities as potential disasters, and we definitely do not get therapy to help us talk through the underlying issues that have created our vulnerabilities and insecurities. We seem to just move on, waiting for the actual disaster to prod us into some reaction to problems we had known about (at least in the abstract) for a good long time.
We build armies, navies and air forces to protect ourselves from actually and potentially hostile other nations. With some exceptions, we buy and don expensive helmets in case we fall or get hit when riding our bikes. We wash our hands in an attempt to keep potentially harmful germs at bay. So why do we think of cyber security threats and responsibilities differently?
The FULL POST offers more insights and potential solutions. And if you want more Sigmund, and a little bit of Carl, go see David Cronenberg's latest film, which features both of them: A Dangerous Method.