There’s no doubt that each high profile breach is both a warning and an opportunity for competitors to make a strong case for better security and to bolster their defenses.
Along with each news story we get a bite-sized account of how an organization dropped the ball and what the fallout was. Depending on the headline we may not be able to turn away – we just have to read it – but is every account a fair and informative one?
Here are three ways to get the most out of your news stories:
Media types come in all shapes and sizes, but very few are versed in the intricate details of information management and even fewer can translate the language of security. So if a particular story holds more than a passing interest and you want to better understand the issue, look it up on news aggregators like Google News and get a second, third or fourth opinion. Read up on it and don’t hesitate to look for other sources of information, like Wikipedia. In security, details matter, so if you want to educate yourself online, seek multiple opinions and authoritative sources.
Nowhere is bias more prevalent than on the Internet where any security event or privacy breach is met with countless opinions volunteered by people who embrace some belief or another. In many cases these are unsubstantiated and in a lot more, these passionate contributors are simply looking to sway public opinion one way or another. Whether articles are politically skewed or blog posts are financially motivated is for you to decide and aside from the above advice you need to develop a keen instinct for untruth. If you can detect contributors without professional qualifications and identify pieces without proper references, your ‘bs-radar’ is already finely tuned.
Not all password-related breaches have any bearing on your company’s remote access interfaces and not all accounts of stolen USB-keys have anything to do with our workplace awareness policies. So unless you’re procrastinating or seeking to understand every possible security breach scenario, you should first understand the context that is relevant to you. Similarly, not all sensitive USB key data is at significant risk just like not all passwords based on dictionary words are vulnerable to rapid guessing. Context matters. Precision is key. Learning to be discerning, especially when it comes to incendiary new headlines will help you avoid reject the peddlers of fear, uncertainty and doubt (FUD) but also go a long way towards preserving your productivity.
By all accounts members of the media are getting much more savvy about security, but is their reporting fair and ethical? That all depends on whether you get something valuable out of it.
If you can benefit professionally and your organization sees a bump in awareness, it’s as much as anyone can expect to gain from public news sources.
If however you’ve just read through a breathless account of another opportunist whose exploits have created havoc in a random context, then you’re better off getting back to work. Productivity is more valuable than the small dopamine jolt you get from the next fear-inducing article you’re likely to come across.