akloya

Security Is a State Of Mind, Not an End State

The global threat landscape is evolving at an unprecedented rate. Cybercriminals are finding new and novel ways to exploit technology and human psychology to profit. Despite their best efforts, individuals and organizations are falling victim to breaches, ransomware, and all kinds of attacks almost every day.

Why is this happening? For two main reasons:

First, it’s becoming increasingly easy for cybercriminals to operate. A decade ago, it was hard and time-consuming to come up with malware, distribute it widely, and make a profit. Today, it’s quick and easy. One can use open source tools to come up with malware, rent a malware distribution framework and distribute it for cheap, and leverage bitcoin to anonymously collect money and make a quick buck. One can steal credit cards or identities and sell them anonymously using Amazon-like marketplaces on the dark web. One can devise a phone scam that intimidates people and gets them to log in to their bank account and wire money out, or even drive up to a Target and buy gift cards and mail them. All these are real examples happening today. Criminals are stealing billions of dollars from unsuspecting people every day.

Second, individuals and organizations have a fundamental disadvantage against cybercriminals. Most individuals are unsuspecting by nature. It’s easy to exploit their minds via social engineering and lure or intimidate them into taking action. Most organizations have annual security awareness training programs, but many employees find them boring, skim through them as quickly as possible, and move on. More importantly, organizations rely on dedicated security teams to keep their employees and assets safe, and those teams in turn rely on security tools to monitor threats and respond. But security tools can only go so far, since they accept false negatives in order to avoid false positives. Plus, the bad guys have access to most tools and can test their attacks against them, but we don’t have access to threats, so we’re fundamentally at a disadvantage from a technology standpoint.

How can we prevent this from happening?

We think the answer is to make security a “state of mind” and not treat it as an “end state.” Here at LeanTaaS, one of our core product engineering values is to “err on the side of security.” That means doing whatever is right to keep things safe, even if that causes inconvenience to someone, or if that breaks something at the moment. Which is why it’s “err on the side of.” It’s based on a core principle that the cost of an inconvenience or breakage is less than the potential cost of a breach. The act of trying to balance security and convenience can happen later, and may not be possible.

We try to imbibe this value day in and day out in everything we do and make it a core cultural tenet in the organization. Culture is how decisions get made when no one is looking. We hope to have everyone err on the side of security when no one is looking.

We think that’s critical to defend ourselves against today’s cybercrime. Security is not one team or one tool’s responsibility. We’re all vulnerable and we all need to stay vigilant and err on the side of safety all the time — for our own safety, for our organization’s safety.
