Can Zealous Security Cause Harm?

By on May 17, 2016

Security Balance

Good security requires balancing risks, costs, and usability. Too much or too little of each can be unhealthy and lead to unintended consequences. We are entering an era where the risks of connected technology can exceed the inconveniences of interrupted online services or the release of sensitive data. Failures can create life-safety issues and major economic impacts. The modernization of healthcare, critical infrastructure, transportation, and defense industries is beginning to push boundaries and directly impact people’s safety and prosperity. Lives hang in the balance; it is up to technology providers, users, and organizations to ensure the necessary balance of security is present.

We are all cognizant of the risks in situations where insufficient security opens the door to exposure and the compromise of systems. Vulnerabilities allow threats to undermine the availability of systems, confidentiality of data, and integrity of transactions. On the other hand, however, too much security can also cause serious issues.

A recent incident described how a piece of medical equipment crashed during a heart procedure due to an overly aggressive antivirus scan setting. The device, Merge Hemo, is used to supervise heart catheterization procedures, while doctors insert a catheter inside blood vessels to diagnose various types of heart diseases. The module is connected to a PC that runs software to record and display data. During this procedure, the application crashed when the security software began scanning for potential threats. The patient remained sedated while the system was rebooted, before the procedure could be completed. Although the patient was not harmed, the misconfiguration of the PC security software caused an interruption during an invasive medical procedure.

Security is not an absolute. There is a direct correlation between the increasing integration of highly connected and empowered devices, and the risks of an elevated frequency of attacks with a greater severity of impacts. The outcome of this particular situation was fortunate, but we should recognize the emerging risks and prepare to adapt as technology rapidly advances.

Striking a balance is important. It may not seem intuitive but, yes, too much security can be a problem as well. Protection is not free. Benefits come with a cost. Security functions can create overhead to performance, reduce productivity, and ruin users’ experiences. Security can also increase the overall cost of products and services. These and other factors can create ripples in complex systems and result in unintended consequences. We all agree security must be present, but there must be an appropriate balance. The key is to achieve an optimal level, by tuning the risk management, costs, and usability aspects for any given environment and usage.

 

Interested in more?  Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

About the Author

McAfee Labs

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.

Read more posts from McAfee Labs

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs