Every day I see another example of an insecure system. When I inquire about it, I’m told things like “Oh we used to keep up with it, but we haven’t had any problems” or “We don’t use that program anyway.”
I’ve always wondered: Why are they so complacent? I think I’ve finally figured it out: The ones who are so complacent are the ones that have never had anything bad happen to their systems. For example, I have left my garage door open on occasion. Anyone could have walked into my house and taken anything they wanted; it didn’t happen. In fact, the one time I was robbed, 38 years ago, was when everything I owned was so securely locked, the thieves had to break the door frames on my house and smash my car windows.
Now, I don’t take any unusual chances, but, in truth, nothing bad ever happens to me, so I really don’t worry about security. This has to be why a lot of people go “ho hum!” when I talk about security. It’s like “Why bother? Nothing bad has or will happen to me.”
Well, given today’s environment (see my recent Secunia post), most people are simply whistling past the graveyard. Sooner or later, something is going to happen; maybe not today, maybe not next week or next month, but it’s inevitable.
What do you think?