Wednesday, October 25, 2017

With so many experts, you have so many recommendations to choose from

That's not a vote of confidence, actually.  Why is security so hard?  Even security experts can't agree:
A Google-conducted survey of 231 infosec pros worldwide has reaffirmed the industry's faith in strong passwords, and achieved consensus about nothing else. 
It's almost unfair to make fun of the study's title, “152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users”, because that's clearly an editorial slip-up (the document [PDF] also includes the note, “ED: Please provide section title”). 
What's clear is that infosec types can't agree, on an industry-wide basis, on the content of anything like the Australian Signals Directorate's (ASD's) enterprise-focussed “Essential Eight” safety strategies.
Sigh.  Not only is there no agreement, things are really all over the map:
Here, we pick out everything with more than 30 mentions: 
AdviceMentions
Patch systems and software90
Use unique passwords68
Use strong passwords58
Use multifactor authentication36
Use antivirus software35
Use a password manager33 
However, to Vulture South's eagle eye (sorry), it's depressing how many things we'd consider obvious lacked traction even among experts. 
AdviceMentions
Don't open unexpected attachments19
Limit privileges (don't run as admin)12
Backup your data10
Don't trust open networks4
Lock all devices4
Don't use Java4
Only 10 experts said back up your data?  Yikes.

This is why we can't have nice things on the Internet, folks.

3 comments:

Old NFO said...

You do have a point... And I DO backup...

Joseph said...

So..........what security guidelines are in place for Castle Borepatch?

Borepatch said...

Joseph, I'm happy to give you a debrief. Just give the usual password at the Castle Borepatch drawbridge ...