So I saw this news story over the weekend and honestly after watching the video, the first thing I thought of was firewalls. Kind of sad that this is the first analogy I drew from this, but that’s OK. It goes with the turf.
So often in IT we bet on a technology to keep us secure, whether that be next generation firewalls, process whitelisting, anti-malware, network segmentation, and all of these are good things, no security consultant should ever argue against the concept of defense in depth. The problem is that we can end up shifting our thinking once we have these technologies in place that we are “good”, or that we’re “safe”.
Here are some examples of those thoughts:
- “We have new next generation firewalls, nothing can get us now”
- “We segmented off all our DB servers, we should be good now”
- “We have no admin on any user boxes and antimalware everywhere”
I’m wondering how many cages that diver is going to trust after this terrifying diving experience. I bet netsec employees that have suffered a serious breach probably feel the same way about some of these technologies.
The point I’m trying to make with this post is that I never would have thought something like this could happen; those cages were ENGINEERED to withstand any kind of shark coming at it.
Understanding how you perceive technologies that you are a fan of is extremely important. Always understand your personal status quo and your thoughts and feelings around how you’ve been successful with a particular product. Don’t let success modify your thinking that a particular solution is impossible to break or breach, because that trust can very easily turn to complacency. Just because it works and reduces threats doesn’t make you bullet proof.
On an updated note, I’m updating my bucket list and removing an item.