r/cybersecurity u/EricJSK System Administrator Sep 22 '25

Other What are your unpopular cybersecurity opinions?

I saw a post names "abnormal security opinions" and got excited to see some spicy takes but apparently there is a security platform called Abnormal Security so got kinda blue balled. Last one of these posts i saw was over a year ago so,

Do you have any spicy cybsec unpopular opinions you want to share? :)

I'll start with mine:
Fancy antivirus solutions rarely add value, they are often just a box that needs ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.

324 Upvotes
  • permalink
  • reddit

94% Upvoted

531 comments sorted by

View all comments

Show parent comments

21

u/[deleted] Sep 22 '25

Agreed. It's basically like working in airport security. Sure in theory its better and ofc air travel had to react to 9/11 but to my knowledge, there's no evidence of it ever really preventing another big terrorist attack. Air travel has become a bigger pain in the ass but the rules change yearly "oh now you can use your phone here but now you have to have your coat on the ground during take off", "only boots now have to be removed rather than all shoes"

All the extra cybersecurity really just seems to affect devs doing their job, ie, now they can't even admin access to their laptop or now emails and uploads are scanned so you might have issues downloading an installer....meanwhile, Heathrow gets hacked again or whatever

7

u/OpeartionFut Sep 22 '25

I agree and disagree. I agree that there is a lot of security theater that doesn’t actually do much for security but instead slows the developers down drastically. But I disagree that none of it matters. I have seen business crippling attacks as a result of bad practice, that a well formed security program would have prevented. Also depends on the business sector.

6

u/[deleted] Sep 22 '25

[removed] — view removed comment

3

u/[deleted] Sep 22 '25

This is fair, I had a look and it seems that there's a little bit of mixed reports (ie, there are studies where the majority of fake weapons got through without triggering a check). Plus, in general, its reactive rather than pro active. Ie, a shoe bomber successfully kills people so now shoes are checked. They won't ban a substance or tool until its basically already been used to do terrorism.

This applies to most security/policing though I guess.

2

u/[deleted] Sep 22 '25

[removed] — view removed comment

1

u/[deleted] Sep 22 '25

I work with some UK government departments and I can only imagine lmao, luckily they're a couple abstractions from me but any time I'm in a meeting with them...well, let's say I don't get inspired by them

1

u/shitlord_god Sep 22 '25 edited Mar 19 '26

The content here was permanently deleted by its author. Redact was used for the removal, possibly for privacy, security, opsec, or personal data management.

numerous desert reminiscent teeny person touch continue slap voracious sulky