Junior members of the IT department may hide the components that make up their system. In the Zoom bombing cases, it created a false sense of security that led teachers and students to assume they were secure just because the link was private.Īt an organizational level, security through obscurity is even riskier. At the same time, reliance on security through obscurity could be to blame. Of course, this issue stemmed from the pandemic's rapid digital transformation, where individuals weren't entirely aware of the necessary precautions for the technology they used. There was a rash of incidents where uninvited guests showed up to meetings, said inappropriate things, or shared objectionable content. However, it wasn't long before bad actors took advantage of it. They'd share those with students, under the belief that only they would be able to access the meeting. At the pandemic's start, many schools had to move classes online and took advantage of meeting-specific links. ![]() That's exactly how the practice of "Zoom bombing" was born. The theory in this is that no one will accidentally guess a link, so as long as it's hidden and only given to certain people, it's safe. A straightforward explanation is when a company requires a person to have a specific URL-which isn’t published or linked from the site’s navigation-to get onto a site or portion of a webpage. Security through obscurity is the practice of “hiding” information, presumably to keep it out of the hands of bad actors. It helps both developers and their customers understand the various components in their system and locate issues that could lead to vulnerabilities. System transparency is far more beneficial to organizations that want to protect their network and respond to threats proactively. It may make theoretical sense to some, but in practice, this policy of obfuscating system information does more to help hackers than hinder them. With it, companies make a mistake that puts them at a disadvantage when faced with an attack on their network. The first thing any organization needs to know about security through obscurity is that it's not a technique.
0 Comments
Leave a Reply. |