While sitting in one of my favorite coffee shops, someone asked me what I did for a living, so I told them. They were in their 70s and said: “I don’t understand all that cybersecurity stuff, it’s way over my head…” So I began to ask her how much she knew about things like the Pony Express, Morse Code, Telegraph, etc. Not because she was in her 70s, but because it predates “cybersecurity” and I’m 52, so It’s new for me as well.
My thinking was of the nature of how we now call the Internet the “cloud.” Well, IMHO, cybersecurity is about path and destination. Nearly everyone can understand that. I gave her those examples hoping to give her a clear understanding. So we started talking about the Civil War with which she was familiar. I asked her about her understanding of secret and “secure” communications back then. Right away she recalled how telegraph interceptions happened, and you could see the light go off in her mind.
Even back then, though we did not call it cybersecurity, it was the same thing—path and destination. Today, we call it data at rest and data in transit, but it’s the same concept.
We can try to change the names and speed up the transmissions but security is always going to end up being a problem. But what do we only focus on cyber? What about physical? We can blame only cyber all we want to. As the saying goes, “putting lipstick on a pig does not change the fact that it is still a pig…’ or something like that.
When looking into your cyber security, never forget about your physical path and destinations. As long as we depend on the one “information superhighway” no matter what on-ramp we use, it’s a linear path to multiple destinations. Just remember, IT companies will at times sound very high-tech when it’s simple as ABC. Think about path and destination examples, driving to the grocery store or work, flying from North Carolina to California. Things can happen in your path or at your destination. Sometimes you can do something to prevent issues, sometimes you cannot.
The most important thing is to be resilient which means you must look not only at cyber but physical as well.