Cybersecurity discourse is full of platitudes that seem obvious and compelling at first, but more thoughtful consideration shows they are misinformed, ineffectual, or counterproductive. Unfortunately, people repeat these platitudes so frequently they take on the patina of truth and distort perceptions about cybersecurity priorities and courses of action. Three such staples of cybersecurity conventional wisdom—“it’s a people problem,” “protect the crown jewels,” and “cyber threats are new and constantly changing”—are especially troubling.
It’s a People Problem
“Cybersecurity is a people problem, not a technology problem.” This platitude often takes another form: “People are the weakest link.” While people do make mistakes, ...