How to Spot a False Sense of Security

Objective for Week 3 (of 8)
How can we make use of simple questions to determine when a false sense of security has led to a preventable cyber incident and use that info to help prevent future incidents?

Claudiu’s Observation: This week's theme is dedicated to spotting "a false sense of security", a simple phrase that is at the root of just about all security breaches, data theft and cybersafety scenarios. Think of every incident that has ever occurred and consider the steps that would have prevented it. It's unlikely that you can't think of any positive action that would have improved the course of events.

Everyone knows the myth of absolute security. But the assumption of sufficient security is often made in the absence of evidence. Why do people and companies prefer to look the other way when they know that a degree of risk awaits? Why postpone taking the right steps and bet that it won't happen today?

This optimism bias presents an opportunity for the public, investigators and intrepid journalists to ask... where is/was the evidence to support the notion that a breach would not occur?

Cyber Threats Or Media Sensation? Debunking The ‘Cyber-Kidnapping’ Phenomenon | Claudiu Popa | Cybersafety Expert
The so-called “cyber-kidnapping” trend targeting immigrant and Asian families is not a new phenomenon, but rather a calculated exploitation of human nature by organized criminals. Amidst headlines exploiting fear, uncertainty, and doubt, it’s crucial to recognize the use of buzzwords and alarming narratives, as indulging in sensationalism poses a risk to our trust, privacy, and security.

Global Affairs investigating ‘malicious’ hack after VPN compromised for over one month
Breach forced the department to shut down some internal services and appears to have compromised the data and emails of employees.

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants
NSA admits purchasing Americans’ internet data from shadowy brokers, bypassing court orders.

The illusion of security allows the public to make assumptions in both cases: in the absence of evidence and in the absence of confirmation. In each case, reporters need to ask: if true, what corrective actions can be taken at the individual level, at the municipal level (i.e. law enforcement), at the regional level (i.e. collaboration and policy-driven corrective actions), at the national level (i.e. legislation reform) and at the geopolitical level, where cyberwarfare can take on an entirely different dynamic.

Questions that can be asked:

1. What created the assumption of security?
2. If a vulnerability was suspected, who knew about it?
3. What are verifiably adequate protective measures?

For professional analysis and media soundbites by a certified security and privacy expert with 35 years of experience, click here to request an interview with Claudiu Popa, author of the Canadian Cyberfraud Handbook, CEO of Datarisk Canada, President of Managed Privacy Canada and co-founder of the KnowledgeFlow Cybersafety Foundation, Canada's only non-profit dedicated to bringing digital literacy to vulnerable sector audiences via accredited data protection professionals.

Why Subscribe?

This weekly newsletter is the product of manually curated news presented with the expert commentary of Claudiu Popa. As a weekly publication intended for media and information professionals, the objective is simply to outline common threads flowing through current news stories and identify opportunities to ask the questions that matter. 

Whether you are a professional journalist or a passionate subscriber, this is your opportunity to gain actionable insights into the actual harms and the questions that matter about the real impact of cybersecurity.

Know a media professional? Offer them the Media Cybersecurity Briefing. It’s completely free (for now).