I read almost everything the CDC publishes and I am a fanatic for the NIH publications on disease and medical innovations. I personally just think it’s amazing the things that such brilliant people can dedicate research and ultimately find either a cure or a way to treat the condition.
I have been personally following the Anti-Vaxxing movement for a few years now. It has been interesting to see the early impetus for the proliferation of Anti-Vaxxing starting with the Lancet article in the late 1990’s. That article didn’t really hit like it’s publisher had hoped within the medical community, and the professional responsible for publishing it was ultimately disbarred from practice, and the entire article was rescinded as “utterly false” by it’s editors. Fast forward a few years from then and a prominent former Playboy model gains media attention with her “facts” around how vaccines cause Autism and watch as she does the global media dance while referencing that same article and the firestorm of message proliferation spreads. Just because of that one person who happened to have a spotlight nearly a century of studies and factual data countering her assertions were collectively accepted as at least worthy of consideration, and in thousands of new cases parents fought vaccination for their children. One more jump forward in time and those thousands of un-vaccinated children are now of school age and are being noted as starting points for measles outbreaks in areas where the anti-vaccination movement was strongest. Polio and whooping cough, diseases that had been essentially eradicated from the planet have now returned to existence.
How does this apply to cyber security you might ask?
Organizations across the globe are engaged in a fight against the proliferation of “disease”, AKA cyber failures. The reality of the threat space is that the spread of these “diseases” requires the digital anti-bodies out there to essentially enable “infection” for the “disease” to not just survive but thrive.
The industry knows that if you choose to ignore the facts around the failure of those bad practices means that your organization will become “infected” at some point. Added to that it’s one thing to knowingly choose to ignore the data that says you will fail if you ignore those items, but it’s entirely another to “infect” others in the network or via third party connections, it’s willingly propagating failure and knowingly make other businesses “sick”.
Just as with anti-vaxxing the “diseases” in cyber security don't care if you believe or don't believe that you can or will be infected. If you don't have a realistic security plan in place that includes simple, but very effective fixes for the problems (like simply shutting off every application that isn't in use on an endpoint) then you will ultimately get sick. In our opinion and we think it makes sense. Don’t avoid using the medicine that both science and history say will work because of a herd mentality or hype. Use a simple effective solution and fix the problem at its core and get back to business.