Security theater. Cargo cult security. Pick your favorite metaphor. They both mean the same thing--hand-wavy "OH MY GOD WE'VE GOT TO DO SOMETHING" even if the something in question does nothing to improve security, costs insane amounts of money, and wastes everyone's time and energy. His inspiration? The US Transportation Security Administration (TSA). Wasting billions of dollars a year on pointless and invasive airport screening post-9/11 satisfied our emotional need to do something but did not, and does not,.
Likewise, cargo cult security is more common in cybersecurity than you might think. The Polynesians were newly discovered South Pacific tribes who were so awed by airplanes, and the Western food that arrived in said aircraft, that they built life-sized model airplanes out of sticks, thinking doing so would bring more food. Are you so much smarter? Maybe not. Today, technology is so advanced that we are all cargo cultists in one way or another. Going through the motions without understanding the "why" creeps quickly into cargo cult territory.
Finding and eliminating security theater and cargo cult security in your organization can be the difference between preventing a business-destroying data breach and staying afloat until the pandemic is over. Here are some dramatis personae to look for in your security budget.
Bad security awareness training