informa
/
2 MIN READ
Commentary

The New Normal is Insecure by Default

Organizations are tacitly agreeing to accept greater risk by moving quickly without equal attention to security. The new normal we heard so much about throughout the pandemic is apparently 'insecure by default.' (From Network Computing)

I like to believe that one of my skills is distilling complex technical concepts into something more consumable. At the risk of indulging in hubris, I like to believe I’m pretty good at it.

Now, this is a skill I use on my children all the time. So perhaps it shouldn’t have been such a surprise when I recently ended up on the receiving end of this skill.

We were discussing risk versus threat with our youngest, and I asked him to explain the two concepts to me. He did not hesitate when he provided his perspective:

“Risk is something you accept to take; a threat is something that comes from someone or something else.”

Well, that ended the conversation because while he left out the relationship between risk and threat, he wasn’t wrong. As I think about security today and the need for organizations to better understand the difference between threat and risk, his explanation came up because, as it turns out, he's only mostly right.

Today the risks of a presence on the Internet are much the same as they have been since the 20th century. The risk of a breach is still the exfiltration of data, disruption of services, poisoning of the well with trojans, backdoors, and malware, and today, the possibility of losing access to ransomware.

The risk of these events is something every business accepts to take. It’s the entry fee to doing business on the Internet, of becoming a digital business.

Threats generally come from outside. Attacks threaten to increase the risk of a breach all the time. They ebb and flow, of course, often following disclosure of a new vulnerability or technique that opens a window of opportunity for bad actors to exploit.

Today, with many more users demanding remote access, the threat from outside is definitely growing.

Read the full article on Network Computing

Editor's Choice
John Edwards, Technology Journalist & Author
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author
John Edwards, Technology Journalist & Author
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing