Don’t Go Chasing Information Security Unicorns

You may have noticed that unicorns are in the news a lot of late. Often, they are referred to in relation to Theresa May’s obviously unachievable Brexit ambitions, but these are not the only unicorns in the, erm... unicorn stable.

In fact, they come in many different guises: There are the blockchain unicorns – fantastical statements describing how blockchain is the answer you’ve been looking for, you just didn’t know it yet.

Then there’s AI – Artificial Intelligence. Just about every software solution out there now seems to have some embedded AI capability built-in, which is really clever, as it doesn’t actually exist yet.

Then, about once a year, someone (usually IBM) announces they have finally created a commercially available quantum computer – fantastic! Except it’s not actually available unless you happen to be one of the very few chosen ones allowed to access it online, and it doesn’t really do anything useful anyway.

A couple more perennials spring to mind as well: graphene is a regular favourite, as are world-changing everlasting batteries. In fact, there’s even a graphene-based world-changing battery. A double unicorn!

Sorry if all this sounds a bit cynical; I really don’t mean it to be. All the above examples are a glimpse into a truly exciting and achievable near future. We must forgive our media outlets for being a bit presumptuous with their headlines; their links aren’t going to click themselves, after all.

If there is one unicorn synonymous with the world of Information Security, it’s that of the ‘un-hackable’ widget or application. If there is a truism in Information Security, it’s that shortly after a vendor proudly announces they have come up with an ‘un-hackable’ something, it will get soundly hacked.

A case in point is John McAfee (yes, that McAfee), who produced an ‘un-hackable’ Bitcoin wallet. So sure was he of its credentials that he offered $100k to anyone who could hack it... which promptly happened.

Along similar lines, more recently, was Apple’s proud claim on a billboard in Las Vegas, where CES 2019 was being hosted, which announced: “What happens on your iPhone, stays on your iPhone.” A clever play on the classic Vegas quote, and one that, predictably, ended up with a fair amount of egg on Apple’s face. A month later, it turned out that numerous Apple apps are recording and harvesting your every interaction with them, and they neither ask you nor even tell you that they’re doing it.

The idea of bringing this to your attention, though, isn’t to point the finger at any one vendor; rather, it’s to underline that there are no infallible information security software solutions out there. Use them, but use them as just one component in a comprehensive information security framework.

So leave the unicorns in the enchanted forest where they belong and trust in a robust and comprehensive information security framework instead.

Did I just say that out loud!?

Risk Crew