Security through obscurity no longer works

To avoid tipping off hackers, many companies are secretive about their network defences. Being open is a better approach.

Published: 17 Aug 2021 at 18:31

© The Bangkok Post

Netflix has a lot of valuable data it needs to protect from hackers. Tens of millions of households entrust the company with their personal information, including credit card details and the viewing habits of each family member. Netflix also wants to keep its popular TV series beyond the reach of those who try to view the content without paying.

For a company with so much digital treasure, Netflix hasn’t had many security mishaps. The worst incident occurred in 2017, when a group called Dark Overlord broke in and released some new episodes of Orange is the New Black on the Internet.

Of course, many companies have digital assets to secure. What makes Netflix unusual is how transparent it has become about its cyber defences. In response to the Dark Overlord hack, it developed dozens of open-source cybersecurity products that other companies are allowed to use freely. Netflix saw that harnessing the world’s pool of programmers to build its security software actually made the company, and its data, more secure.

You might expect that companies would be better off keeping their cards close to their chest. The less hackers know about how a company guards its data, the safer the data becomes, according to this line of thinking.

In fact, the opposite is true. Secrecy in cyber security puts everyone at risk: the company, its customers, and its suppliers.

Electric vehicles serve as a good example of the value of openness in cyber security. Many models require extremely sophisticated software that has to be updated frequently. For example, Tesla distributes updates to owners at least once per month.

To deliver updates, an electric car maker requires worldwide access privileges to the on-board computers on its cars. Naturally, car owners want certainty that this does not expose them to hacking, remote carjackings and shutdowns, or being spied on as they drive. For this reason, makers of electric vehicles need to be extremely open about their cyber security so…