There’s an old IT joke that the only truly secure computer is broken, powered down, disconnected from the network, in a locked room, with no key. And as with all really good jokes, of course, this one is essentially true. But the fact still remains: we blithely connect our computers to the Internet. In unlocked rooms even. Even though we all know that all of our computers — servers, desktops, even our phones — are security risks.
Another IT maxim, admittedly less humorous albeit every bit as true, is that perfect cybersecurity is impossible, which is just another way of saying that it would be infinitely expensive. Every manager concerned about security (cyber or any other) must weigh acceptable risks and balance them against the amount they are willing to spend to mitigate those risks. What risks remain are presumably acceptable.
The problem with this line of reasoning is that it’s getting easier and easier for hackers and other malefactors to attack our systems, while it’s getting more and more difficult and expensive to secure those systems. The acceptable risk/security budget balance continues to shift. And it’s just a matter of time until it will tip over completely.
At some point in the not too distant future, IT execs are going to wake up and realize that there is no acceptable level of risk for their connected systems that they can afford to mitigate. At that point, only one answer will remain.
Disconnect those systems. No network connectivity, no APIs, no USB ports for those ubiquitous flash drives. Put them in locked rooms and throw away the key.
It’s just a matter of time.