How security theater misses critical gaps in attack surface and what to do about it

Bruce Schneier coined the phrase security theater to describe "Security measures that make people feel more secure without doing anything to actually improve their security." That's the situation we still face today when it comes to defending against cyber security risks.
Broaching a concern such as security theater with security professionals can result in defensiveness or ire from disturbing a well-established process, or worse, practitioners assuming there is some implied level of foolishness or ineptitude.
Rather than lambasting security theater practices outright, a better approach is to systematically consider what gaps may exist in your organization's security posture.
The irony is that attackers often have a truer picture of an attack surface than the security team charged with defending it.
Even well-established practices such as penetration testing, vulnerability assessment and security ratings result in security theater because they revolve around what is known.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/WvR0mATHv_M/