Your IT Support Experts

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

Haber Group Blog

Not All Cybersecurity Efforts Work to Keep You Secure

Not All Cybersecurity Efforts Work to Keep You Secure

There are many security buzzwords that come into play when the technology available to help secure a business is discussed. The problem is that many of these buzzwords sound great but are actually very poor fits to the real needs of most small and medium-sized businesses. Let’s consider how these buzzwords play into the concept of “security theater” and how this can impact businesses negatively.

“Security Theater”

Coined by cybersecurity technologist Bruce Schneier in the early 2000s, “security theater” describes any security efforts that make one seem more secure but do very little to enhance security in the practical sense despite the costs associated with them. The concept is reliant upon the notion that security exists in two forms: the emotional feeling of being secure, and the quantifiable mathematical and scientific improvements that one can make to their protections.

For an example, let’s look to a personal anecdote that Schneier shared in a 2007 blog article.

In this article, Schneier shared an observation from his visit to the maternity ward after a friend’s child had just been born. The infant had been outfitted with an RFID tag bracelet, the purpose of which being cited as a preventative measure against infant theft.

However, at the time that Schneier visited the ward, infant abduction was remarkably rare.

This led Schneier to hypothesize that the bangles weren’t adopted as an actual security measure, but instead as a performance of security theater. By “protecting” an infant against “abduction,” the new parents could spend a few moments away from their baby without too much worry.

Let’s review the hospital anecdote. While they certainly weren’t free, the tags that were used to “track” the infants were available at an extraordinarily low cost. As a result, making the investment to mitigate an incredibly unlikely issue was considered more acceptable, because it improved the experience of the parents.

Schneier also cites an even more recognizable example: the tamper-resistant packaging that was introduced on over-the-counter medications in the 1980s. Poisonings were getting a lot of attention in the press at the time, and despite the statistical likelihood of an actual incident being so low and the tamper-resistant packaging not being all that tamper resistant, the impression it made was thoroughly positive.

This is because, in both cases, the performance of security theater helped to make the perceived threat level more in line with the actual threat level. Of course, while the benefits that security theater can offer are very real, so are the costs of putting on such a show.

Is Security Theater Worth the Price of Admission?

I want you to consider a very real potential outcome of these kinds of displays: what if the piece of security theater you invest your money in is actually making your real security measures less effective?

Consider what happened to Target in 2013. The company was hacked when their security teams overlooked the warning signs of a breach as they were buried in a deluge of other notifications. Let’s dive deeper into the threat of “overacting” in your security theater, starting with the situation that Target created.

Too Many Alerts

I want you to consider what happens when your company chat is a flurry of activities that ultimately don’t involve you. Eventually, you tune out the notifications to try and stay productive, right? The same thing happens with your security notifications if there are far too many of them that ultimately mean nothing. As a result, you and your team will gradually stop paying attention to them, allowing the actual threats to come in. Recruiting an MSP to assist you can help sort out these notifications, with the real threats attended to and interruptions minimized.

Too Many Password Changes

Password security is important, but believe it or not, there are some measures that are more counterproductive than anything else. Take, for instance, monthly password updates. With these requirements forced on them, your employees may resort to password patterns or keeping a written note of their password to keep track of them all. It is better to instead use a moderate password policy and supplement it with options like single-sign-on and multi-factor authentication (MFA).

Of course, passwords should be changed sometime down the line, but you have to be sure that you aren’t driving your employees into bad habits.

Insufficient User Awareness

One of the biggest reasons that user vulnerabilities are such a serious cybersecurity issue is because many users don’t know any better, as they were not effectively trained to respect cybersecurity policies. Rather than including their team in regular security-based training forums, many companies will instead devote an afternoon to a long, ineffective lecture.

Haber Group has the means to close the gap between your security theater and your functional security. To learn more about the solutions we can offer, reach out to us today by calling (866) 625-3560.

What to Do if a Hacker Threatens You
Tip of the Week: Changing Your Notification Settin...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, October 29, 2020
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

News & Updates

Haber Group is proud to announce the launch of our new website at The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

Contact Us

Learn more about what Haber Group can do for your business.

Haber Group
39 West 38th Street Suite 9E
New York, New York 10018