Here’s two things you need to know about this week…
When you search Google, you get results based on what you provided as parameters of the search.
When you get those results, you often comb through them looking for the most relevant ones and to ensure they are responsive to nuances of the search that may exist beyond the parameters that you set in your search (i.e. you provided “shoe stores near me”, but you are looking for men’s dress shoes)
We all do it, we comb through the results of the search to find the most relevant ones. We trust that we have complete results, but we verify that the result is something useful to us.
The same goes for Chat GPT – Trust, but verify. Technology can afford us all wonderful tools to simplify our lives and increase our productivity, but we need to verify the result based on our own knowledge and experience to ensure the result fits the context of the situation.
Chat GPT – Trust but verify.
Vendor XYZ Vulnerability, Vendor ABC Vulnerability and finger pointing – As people in the Cybersecurity space we often see finger pointing when it comes to highlighting the woes of another vendor or competitor. But some of us would like the wider Cybersecurity community to not take the bait. Whether it was the crimes that the bad actors committed recently against Cisco, Fortinet or any myriad of other hardware/software vendors, it’s important to remember that these exploits are being leveraged by those who seek them out with the intent to do us all harm.
Just like King Theoden said in the Lord of the Rings, “What can we do against such reckless hate?”
The answer in cybersecurity is to know what’s on your network and to work quickly to remediate or patch the hole, or limit access until such time a patch or fix is available. Certainly, if it’s not your company that had the exploitable vulnerability there is some schadenfreude to be had, but I might offer that the finger pointing does little more than erode trust. Don’t get me wrong, people need to know about those exploits, but the manner in which we tell them has a real opportunity to build integrity across our profession.
These events should do one thing, remind us of the importance of knowing what’s on the network. It is very hard to protect something we don’t know about.