100% Secure is a Myth. Risk cannot be Eliminated, only Reduced

Source: Pixabay

My career in Information Technology spans 20 years. During that time, there have been a few perennial questions. One in particular stands out: How can I guarantee that my information is 100% secure? My answer is, and has always been, you can’t.

There is no such thing as “100% secure.” In fact, in today’s hyper-connected world, the risks to an individual or company’s data are increasing. The Internet of Things (IoT), and wide-spread proliferation of mobile devices, simply increases the potential attack surface for would-be opportunists and miscreants. Anyone that says otherwise either doesn’t fully understand how computing devices and network communications work, or is trying to sell you something, or a combination of both.

100% information security is a myth. There is no silver bullet solution that will protect your personal, or company information. If an attacker wants it badly enough, they will get it. The solution? Increase the costs that the attacker has to pay to get access to your information. Make them work for it. Take a multi-layered approach. Depending on the attacker’s time and resources, they may choose an easier target with low hanging fruit.

Let’s look at a simplified example of reducing some of the risks with managing your own email service. If you have your own email server, you should route your email through a third party that provides filtering before it hits your mail server (Layer 1). Once it reaches your mail server, run additional security software on your mail server (Layer 2). Once it leaves your mail server and goes to your devices, yup, you got it, another layer of security software (Layer 3). Is your email now guaranteed to be 100% safe and secure? NO, but it guarantees that the risks of infection/compromise have been significantly reduced! Risk cannot be eliminated, only reduced.