Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Are Security Pros Becoming Too Paranoid?
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Are Security Pros Becoming Too Paranoid?
Security

Are Security Pros Becoming Too Paranoid?

BryanHalfpap
BryanHalfpap
3 Min Read
SHARE
Paranoia is good when it comes to cyber-security…or is it?

Are we making ourselves paranoid?

Paranoia is good when it comes to cyber-security…or is it?

Are we making ourselves paranoid? Like many computer security professionals, I tend to closely follow technology and security news, even though its often discouraging and depressing.  It is routine to see articles disclosing general information about recent attacks and criminal successes (and sometimes criminal captures).  I suppose that at this point it is fairly common to find “shocking” breaches of trust and security in major corporations or large, widely-used or well-trusted systems.  Even reports of malware infections in drone control centers was met with a certain “well it was only a matter of time” feeling. This cynicism is common amongst those who work in the computer security field, both as reporters and as professionals in some capacity from tier 1 support to penetration testing and CSO’s.  When you’re a cynic, you stop being surprised.

What has started to happen as a blowback from all this security bad press and cynisism is a general feeling of paranoia.  This paranoia, advocated by security pros to general users in order to cut down the rate of infection of users and lessen security risks, is starting to creep into the minds and actions of security personnel.

This is a major problem because overly-paranoid security team members can cause major headaches with overreactions to abnormal conditions.  Like in Illinois with the water pump scare, or with the recent rumours of Iranian spy drone hacking.  While computer security problems have plagued us for years, they aren’t always to blame when something unexpected happens.  It’s important not to alienate users, customers, and the world at large by overreacting or acting before all the information is gathered.

It’s like the boy who cried wolf.  If your security team jumps at nothing all the time, they will not be taken seriously when they need to.

Implement policy to fix announcements of false positives.  A simple series of steps and confirmations should be enough to let you detect, learn about, and defeat intrusions.

  1. Verify with users or other policy that system behaviour is unexpected or unwanted.
  1. Gather information about activities on system.  Running programs, users, log information, communications to other systems, and outbound communications are important to know in order to profile the attack and determine the extent of the damage and action.
  1. Disable/disarm attacker.  Use knowledge gained from step 2 to block attackers when starting remediation/triage.
  1. Perform triage and remediation procedures on affected systems.

You will need to determine for yourself when along that process a security disclosure needs to occur in order to remain compliant with standards and honest with users/customers.

TAGGED:false positives
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

data analytics and truck accident claims
How Data Analytics Reduces Truck Accidents and Speeds Up Claims
Analytics Big Data Exclusive
predictive analytics for interior designers
Interior Designers Boost Profits with Predictive Analytics
Analytics Exclusive Predictive Analytics
big data and cybercrime
Stopping Lateral Movement in a Data-Heavy, Edge-First World
Big Data Exclusive
AI and data mining
What the Rise of AI Web Scrapers Means for Data Teams
Artificial Intelligence Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Reducing False Positives in Customer Screening

4 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence
giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?