Taking the daily deluge of security breaches with a grain of salt

There’s no doubt that each high-profile breach is both a warning and an opportunity for competitors to make a strong case for better security and to bolster their defenses.

Along with each news story we get a bite-sized account of how an organization dropped the ball and what the fallout was. Depending on the headline we may not be able to turn away – we just have to read it – but is every account a fair and informative one?

Here are three ways to get the most out of your news stories:

  1. Accuracy
    Media types come in all shapes and sizes, but very few are versed in the intricate details of information management and even fewer can translate the language of security. So if a particular story holds more than a passing interest and you want to better understand the issue, look it up on news aggregators like Google News and get a second, third or fourth opinion. Read up on it and don’t hesitate to look for other sources of information, like Wikipedia. In security, details matter, so if you want to educate yourself online, seek multiple opinions and authoritative sources.
  2. Integrity
    Nowhere is bias more prevalent than on the Internet, where any security event or privacy breach is met with countless opinions volunteered by people who embrace some belief or another. In many cases these are unsubstantiated, and in many more these passionate contributors are simply looking to sway public opinion one way or another. Whether articles are politically skewed or blog posts are financially motivated is for you to decide, and aside from the above advice you need to develop a keen instinct for untruth. If you can detect contributors without professional qualifications and identify pieces without proper references, your ‘bs-radar’ is already finely tuned.
  3. Relevance
    Not all password-related breaches have any bearing on your company’s remote access interfaces, and not all accounts of stolen USB keys have anything to do with your workplace awareness policies. So unless you’re procrastinating or seeking to understand every possible security breach scenario, you should first understand the context that is relevant to you. Similarly, not all sensitive USB key data is at significant risk, just as not all passwords based on dictionary words are vulnerable to rapid guessing. Context matters. Precision is key. Learning to be discerning, especially when it comes to incendiary news headlines, will not only help you reject the peddlers of fear, uncertainty and doubt (FUD) but also go a long way towards preserving your productivity.

By all accounts members of the media are getting much more savvy about security, but is their reporting fair and ethical? That all depends on whether you get something valuable out of it.

If you can benefit professionally and your organization sees a bump in awareness, it’s as much as anyone can expect to gain from public news sources.

If however you’ve just read through a breathless account of another opportunist whose exploits have created havoc in a random context, then you’re better off getting back to work. Productivity is more valuable than the small dopamine jolt you get from the next fear-inducing article you’re likely to come across.


Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.
