Insecurely Secure: A False Sense of Security

Insecurely Secure: A False Sense of Security

Security is an interesting subject that follows us from before our birth until the day we die. Our entire life is comprised of security, insecurity, and a false sense of security that often confuses the two.

As we celebrate the birth of our two nations — Canada Day in the north and Independence Day in the south — I can’t help but think about security or, more specifically, the lack thereof. Maybe it was the video game conference, EVE North, that I attended on the weekend and the discussions I had around security in a video game. It may have been the news reports surrounding Pride this past weekend, where attendees felt insecure in spite of being around those responsible for their safety and security. There’s a high likelihood that it’s tied to the two cities in Florida that have collectively spent $1.1 million paying to recover systems targeted by ransomware.

Security is an interesting subject that follows us from before our birth until the day we die. Our entire life is comprised of security, insecurity, and a false sense of security that often confuses the two. My sister is pregnant and the safety and security of my future niece is often a topic of discussion from my mother questioning if walkers are still safe, to determining if the car seat is expired (yes…car seats expire) and how to install it. I remember when I was younger, I had a favorite blanket that came everywhere with me. When, as an adult, I learned that my mom had thrown out the few ragged pieces that were left, I was still upset. That blanket had protected me from monsters in the closet and boogeymen under the bed. That was probably my first experience with a false sense of security, but it definitely wouldn’t be my last.

I can remember that the door had to be bolted and chained before bed, but windows were left wide open to combat the warm summer nights. I remember a job in high school, where I was responsible for adjusting the front of house lights in a theatre from catwalks, and the supervisor said, ‘There’s a safety harness, but it’s sized for me and won’t work for any of you.’ How many people have heard the story that rear windows in cars only go down part way to prevent children from jumping out? The reality is that there simply isn’t room in the door for the window to go down further. I bet you, however, that there are people who felt safer thinking the car designers were considering the safety of their children. It’s that false sense of security that guides so much of our lives.

On top of my day job of performing security research, I spend my evenings watching and reviewing films. Have you ever wondered why horror movies scare us? Sometimes it’s the jump scares, we’re just not expecting to be startled at that moment, but a lot of the time, with psychological and supernatural horror, it’s because we feel unsafe. Instead of a false sense of security, we have a false sense of insecurity. It’s why we cling tightly to the person next to us watching the movie, why we triple check the locks on our doors, and, in our 30s and 40s, still look under the bed after a scary movie. These actions don’t make us safer, but they counter that false sense of insecurity that we feel.

What does this have to do with the celebrations occurring in two neighboring countries? It’s important to remember those times in your life when you’ve been both secure and insecure…to remember when you had a false sense of security or insecurity. Whether you are secure or have a false sense of security, you feel better, you feel safer. Just as being insecure and unsafe make you feel just as bad as that false sense of insecurity. That’s why it’s important to consider the viewpoint of others to understand why they feel a certain way. What you see as security may in fact be a false sense of security and what you see as a false sense of insecurity may be actual insecurity. It’s going on all around us in every aspect of life, but let’s take a look at a few of the more relevant examples.

When a municipality is hacked and we see ransomware attacks, we see organizations that may have thought they were secure. Maybe they met all the checkmarks on a standard that said they were secure. Maybe they paid attention to one subset of risks without considering the bigger picture. Sometimes organizations focus on things they can’t fix, things they can’t change and overlook attack vectors that they can fix. They have a hard time recognizing security and a false sense of security.

At the video game conference this past weekend, I was asked how I vet the people I play with, how I ensure they won’t scam me in the game. People are shocked when I tell them that I don’t. They have complex checks that audit people’s mail, their conversations, their past history to determine if they can trust them. I’ve recognized that these checks only provide a false sense of security, so I see no value in performing them. This is a conclusion that translates nicely to the real world. A friend recently told me that his wife was almost taken advantage of by a car wrap scam. I had not heard of this, so I investigated and discovered that they post on job search sites with the ultimate ‘make easy money’ scheme. You sign up and they pay to have an advertising wrap put on your car. You get a check in the mail, deposit it, and pay for the car wrap. You pay for the car wrap by wiring the company performing the wrap (rather than paying them when you get the car wrapped). You later find out that the check is a fake when it bounces, but since you’ve already paid the company wrapping your car, you’re out money. The check has the name of a big business and you reached out to them, so it does a great job of creating a false sense of security.

We hear about it all the time. You hear about people selling their car privately. Someone comes by to look at it and asks to take it on a test drive. They just never come back and you slowly realize you handed your car keys to thieves. A lot of you are thinking, “Yeah, but that will never happen to me.” How true is that? How well can you recognize a false sense of security?

If you just celebrated Canada Day or are getting ready for Independence Day, ask yourself if you can recognize when you are really secure. As you’re watching fireworks or enjoying a BBQ, think about the things in your life where you feel safe or unsafe, secure or insecure. Have you evaluated what’s real and what isn’t? It’s not a thought process that many of us go through, but it’s a critical thinking exercise that gives us empathy and understanding. The first step in avoiding being scammed as an individual or hacked as a company is recognizing the parts of the process that give you a false sense of security. Once you identify them, you can do something about it. Then, maybe, you won’t find yourself paying hackers to save your system from ransomware.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3