 |
| Image from Pixabay |
It's
the perfect time of year to catch a cold. During the corona period we skipped
this annual ritual, because having little contact with other people and hardly going
anywhere, there was little chance of encountering a cold virus. But this year it’s
business as usual for my family.
No
matter how harmless a cold is for otherwise healthy people, we all know that it
can make you quite miserable. One stumbles to the medicine cabinet to find
relief. Nasal spray, cough syrup, paracetamol – all are standing by to relieve
your complaints. Plus some home remedies, such as steaming, drinking tea with
honey or licking popsicles.
What
is so unfortunate about all these remedies is that they only treat the symptoms
of the disease. The nasal spray allows you to breathe more freely for a while,
the ice cream numbs your throat a little and the paracetamol helps against pain
and fever. On the website of the united Dutch physicians, paracetamol is
ignored completely on the page about colds ("Medication is not necessary
for a cold"). Completely unnecessary side note: I’m not giving medical
advice in this blog post.
Why
is there no medicine or vaccine against a disease that is so common and causes
a lot of discomfort? Seems like a gold mine for the pharmaceutical industry to
me. But it turns out that there are so many viruses that can give you a cold
that it’s simply a hopeless task. Moreover, those viruses mutate quickly; a
vaccine developed today will be worthless tomorrow. By the way, research is
still being done, especially because people with asthma can become very ill
from a cold.
Of
course, symptom relief also takes place outside the medical domain. For example
in my own profession. To stay close to the common cold: how about a virus
scanner? This relieves the complaints we have from viruses. Not like a nasal
spray for a cold, but preventative: you either become infected or you don't.
The relief lies in the number of infections you have to deal with. But it doesn’t
contest the phenomenon of computer viruses as such. That is precisely why it is
important to equip as many ICT resources as possible with those digital face
masks.
The
step from symptom relief to the placebo effect is not that big. If I have a
sore throat and therefore eat a popsicle, I almost feel obliged to feel less
pain for a while, while my mind really doubts the effect. That's harmless, but
it gets bad when I think that a popsicle is also the right treatment for, for
example, severe, persistent stomach pain. For some ailments you simply have to
go to the doctor.
There
are plenty of placebos in information security. For example, the security of a
system does not really improve by carrying out a risk analysis. Only if you act
upon the results of that analysis by taking measures, risks will be reduced.
Another form of risk treatment is risk acceptance, but it is clear that this
does won’t benefit the security of the system - no matter how legitimate acceptance
may be in a certain case.
Compliance
with regulations is another one. Quite a few organizations do all kinds of
things because they have to. Meanwhile, no computer has ever become more secure
because someone has written a mandatory document. Only when the content of that
document comes to life we can make progress. Unfortunately, it often stops at
the signing of a document – but the auditor will be proud of us! (I’m probably
– hopefully! – wronging a friendly professional group with this comment.) Yes,
I also do all kinds of mandatory stuff, but it’s always based on my drive to
optimize security. The fact that I also get a green tick on a checklist
somewhere is a bonus, but it should never be the goal.
To
catch a cold, you need a virus. You won't catch a cold from sitting in a draft
or going outside with wet hair. Likewise, nothing goes wrong with a computer
due to potential risks. Problems only arise when a risk actually manifests
itself. But just as I keep a little more distance from a sniffling family
member, a list of risks relevant to your systems helps you avoid them.
And in the big bad world...
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- Google saw doubling the amount of zero-day exploits last year.
- a virus scanner can also become infected. [DUTCH]
- Dutch police discovered more than seven million email addresses among criminals, intended for phishing. [DUTCH]
- Facebook had a secret project to intercept Snapchat traffic.
- Telegram came up with a bizarre premium subscription giveaway.
- China is often mentioned in the context of cyber attacks. [DUTCH]
- China now also distrusts Western stuff (or, they take revenge). [DUTCH]
- we can all learn something from the ransomware attack on the British Library.
- a British nuclear company is being prosecuted for alleged IT security violations. [DUTCH]
- The German government is certifying video conferencing services. [DUTCH]
- the European Council has approved the European digital identity.
No comments:
Post a Comment