Don’t assume, and other great life lessons

June 15, 2015 Kevin Whalen

Early on in life, most of us were told, never assume. I’m frequently reminded why this is such great advice. Susan Boyle’s appearance on Britain’s Got Talent may be the greatest example I can think of. Admit it, you assumed it would be awful, didn’t you? (Simon Cowell sure did, and anyone who can shut up and humble him – even for a moment – is a hero in my book!)

In the security world, we make assumptions every day. About threats, about threat actors. About what we think we know, and what we think we don’t know.

When you hear about a high profile breach or rash of identity theft, what do you assume? Some sophisticated nation-state, or some shadowy underworld criminal gang? Does the “who” even matter?

Arbor’s Dan Holden wrote a great piece for Wired’s Innovation Insights blog titled Attribution Charade: Leave the ‘Who Done It’ of Attacks to Hollywood

Attribution, when achieved, can provide important information about attacker motives, particularly when it involves nation-state attacks. However, the reality is that chasing the ‘who’ over the ‘how’ is a luxury few businesses can afford. It’s time to focus on what truly matters: protecting and defending the business by focusing on the techniques of the attackers and the targets they are going after. Focus on identifying the most important assets to the business, which often means a need for better visibility, and increased protection that allows for understanding and detecting attacks at any stage of the kill chain. Focus on putting processes in place that will force rapid response to actual intrusions in a timely manner. Leave the “who done it” to Hollywood.

I agree with this, but as with making assumptions, there are other life lessons to consider, such as “exceptions to the rule.” Here is one such example.

Ex-NBA All Star Arrested In Arizona Alleged Kingpin In I.D. Theft Scam

Gatling

The post Don’t assume, and other great life lessons appeared first on Arbor Insights - Our People, Products and Perspective.

Read more...

Previous Article
Network Security Darwinism: The History and Evolution of Threat Defense
Network Security Darwinism: The History and Evolution of Threat Defense

What Darwin really talked about was adaptation. It’s clear that network...

Next Article
The business of security is business
The business of security is business

With many calling the last year or more ‘the year of the data breach,’...