How security theater misses critical gaps in attack surface and what to do about it

Bruce Schneier coined the phrase security theater to describe "Security measures that make people feel more secure without doing anything to actually improve their security." That's the situation we still face today when it comes to defending against cyber security risks.
Broaching a concern such as security theater with security professionals can result in defensiveness or ire from disturbing a well-established process, or worse, practitioners assuming there is some implied level of foolishness or ineptitude.
Rather than lambasting security theater practices outright, a better approach is to systematically consider what gaps may exist in your organization's security posture.
The irony is that attackers often have a truer picture of an attack surface than the security team charged with defending it.
Even well-established practices such as penetration testing, vulnerability assessment and security ratings result in security theater because they revolve around what is known.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/WvR0mATHv_M/