Friday, January 9, 2009

Of myths and security

A very interesting set of articles by Erik Larkin over the last few days about the enduring myths of security - check them out here. He talks about hacking for fun and brownie chops, malware, etc. Fun stuff.

I think one enduring myth beyond what Erik has touched upon is "doing the same thing and hoping for a different result". Einstein said it with more color! I think many organizations are using the same old techniques for preventing losses or breaches with the hope they will produce better results - this might be wishful thinking. The game is far ahead and we have to develop new techniques and change our approach a bit.

Being an information-centric security cheerleader, I think this is one of the changes we as an industry have to move forward with. Thinking that the old, device-centric approach will work every time, since that feels like comfort food, might turn out not to be true...

