The New Normal is Insecure by Default

I like to believe that one of my skills is to distill complex technical concepts into something more expendable. With the risk of indulging in arrogance, I like to believe I’m good at it.

Now, this is a skill I use with my kids all the time. So perhaps this shouldn’t have been surprising when I recently ended up on the receiving end of this skill.

We were discussing danger versus threat with our youngest, and I asked him to explain the two concepts to me. He did not hesitate when he made his point:

“Risk is something you accept; a threat is something that comes from someone or something else.”

Well, that ended the conversation because while he left out the relationship between danger and threat, he wasn’t wrong. As I think about security today and the need for organizations to better understand the difference between threat and risk, his explanation came because, as it turns out, he was mostly right.

Today the risks of being online are pretty much the same since 20y a century. The risk of penetration is still data smuggling, disruption of services, well poisoning with Trojans, backdoors, malware and, today, the possibility of losing access to ransomware.

The risks of these events are something every business takes on. It’s the entry fee to doing business online, to becoming a digital business.

Threats generally come from outside. Attacks threaten to increase the risk of a breach all the time. They ebb and flow, of course, often after a new vulnerability or technology is revealed that opens a window of opportunity for bad actors to exploit.

Today, with more and more users claiming remote access, the threat from outside is definitely on the rise.

Read the full article on network computing

Leave a Comment