The first law mentioned, “If there is a vulnerability, It will be exploited.” is something I agree with. Hackers find any vulnerability they can to reach their end goal. Law 2, “everything is vulnerable in some way.” is correct. Even if the code is not wrong, as discussed in another class, a presentation was made on human firewalls. In that video, he shared that just telling someone their pet name or childhood street can be an information leak and that is not through code, but through us just chatting with friends or strangers. The third law applies to the same concept “Humans trust even when they shouldn’t”. “With innovation comes an opportunity for exploration”. This perspective is unique but true and is based on laws 1 and possibly 2. When new technology is developed, the risk of vulnerability is great. Even after product testing and double-checking for errors, until it is released it may be easy to overlook or where there is a will there is a way. When a technology is first released there are often bugs and updates are sent to fix it and that can be exploited whether it is the bug or even the update being hacked and sending out a virus instead. Lastly, “When there is doubt see law number 1”. This focuses on when you have doubts that you are secure you have to remember that if a vulnerability exists you are at risk.
These laws are essential to remember and I agree with them all and think you can never be too confident, but that doesn’t mean being scared all the time. What it means is do not have doubts but also do not be too reliant and have no protections or a backup plan set.
Resources:
Espinosa, N. (n.d.). The five laws of cybersecurity | Nick Espinosa | TEDxFondduLac [Video]. TED Talks. https://www.ted.com/talks/nick_espinosa_the_five_laws_of_cybersecurity?language=enLinks to an external site.
TEDx Talks. (2017, November 28). Your human firewall – the answer to the cyber security problem | Rob May | TEDxWoking [Video]. YouTube. https://www.youtube.com/watch?v=BpdcVfq2dB8