Security Is

This is a blog written by a technical security leader focused on problems facing security leadership and organizations (not strictly technical ones). I will release a new blog about every other week.

The hottest Substack posts of Security Is

And their main takeaways
59 implied HN points 01 Aug 24
  1. VPNs used to be essential for online security, especially on public WiFi, but that's changed with HTTPS being widely available. Now, most websites encrypt your connection by default.
  2. While VPNs can protect your IP address and DNS queries, for most everyday users, these aren't major issues anymore. Modern browsers and services help keep our connections safe.
  3. Using a VPN isn't a priority for everyone, and it might not be worth the investment, especially for regular people who just want basic online protection.
159 implied HN points 02 May 24
  1. AI doesn't really fix security problems well. Many times, the technology just doesn't work in the tough, unpredictable environments that security deals with.
  2. The best results in security often come from simple, clear procedures, not from complex machine learning models. Basic rules can solve most problems effectively.
  3. Generative AI can help with minor tasks but isn't a magic solution for security. It might even confuse people about important issues, rather than clarify them.
59 implied HN points 29 May 24
  1. Many security controls are useless, wasting resources and time. It's crucial to understand why you're implementing a control to avoid just following the crowd.
  2. If you can't explain why a security control is needed in a simple way, it's likely not very useful. Good controls should have clear reasons behind them.
  3. Wasting time on unnecessary controls can harm everyone in the industry. Focus on meaningful security measures to make better use of limited resources.
39 implied HN points 19 Jun 24
  1. Most breaches are due to simple mistakes, like employees accidentally sending confidential info to the wrong place. Security teams need to focus on basic issues before tackling more complex problems.
  2. A large portion of breaches starts with phishing or stolen credentials. Companies should invest more in security measures like multi-factor authentication and employee training to lessen these risks.
  3. Generative AI hasn't impacted security breaches significantly yet. Most attackers are still using traditional methods, and no one seems to be targeting AI systems directly.
39 implied HN points 15 May 24
  1. A Software Bill of Materials (SBOM) lists all the components in software, which can help in understanding security risks but isn't a magic fix for vulnerabilities.
  2. The real issue with fixing vulnerabilities isn't about having information; it's about how hard and complicated it is to apply patches to software.
  3. While SBOMs are getting a lot of hype, they mostly offer a new format for existing information and may not change how organizations manage security vulnerabilities.
1 HN point 17 Jul 24
  1. Encryption is important, but it's often treated as a checkbox in cloud environments. Many people believe that encryption at rest and in transit fully secures their data, but this isn't always the case.
  2. In cloud settings, especially with services like AWS, anyone with the right permissions can access data regardless of whether it's encrypted at rest. This means encrypting data at the storage level may not offer as much protection as people think.
  3. Instead of focusing heavily on encryption, businesses should prioritize their access controls and permissions. Properly managing who can access what data is often a much more critical aspect of security.