If you were looking for a prevalent theme in cybersecurity, fear, uncertainty, and doubt (or FUD for short) would be it. And unfortunately, it has been a constant mantra in the technology industry since the early 1970s.
Supplying negative information to influence decisions is a simple but effective strategy. It's easy to see why FUD has become ubiquitous, especially in the world of cybersecurity. The constant fear of doom is the only thing that can make people take cybersecurity seriously (and ultimately pay more for cybersecurity solutions) - or so the thinking goes.
What's all the FUD about serverless security?
In the world of serverless, FUD abounds. After all, serverless is fundamentally changing the way we think about applications and write code. So it is no surprise that you get plenty of FUD with claims that serverless adds new attack surfaces and increases existing attack surfaces or that serverless security is harder to manage.
As we have discussed in our recent whitepaper (which you are welcome to read here), new technologies will always raise security questions and concerns. However, claims that serverless poses new risks are entirely incorrect.
In fact, despite what many sensationalist headlines will tell you, there are no new cybersecurity threats that are serverless-specific. Moreover, serverless can improve an application's security posture, as it provides security advantages such as a small, contained blast radius.
Why cut the FUD
"Despite professing anti-FUD rhetoric, cyber experts fan the flames, breathlessly sharing the details of the latest data breaches. It's a dangerous addiction that can lead to security apathy in enterprises," says Dan Lohrmann, CSO of Security Mentor, Inc.
The stories of major breaches, sinister hackers, outrageous phishing schemes, multi-million dollar mistakes, data theft, digital bank robberies, critical infrastructure hacks, and other disasters do have a certain allure. People love reading, liking, sharing, and talking about them. What's the harm in that? Here is the problem - FUD becomes a serious long-term concern when overused.
Don't get us wrong, in small doses, FUD can indeed be quite useful in gaining attention and spurring action. However, the excessive hyperbole around cyber and serverless security, along with a focus on unlikely doomsday scenarios, is mostly counterproductive, causing companies either to frantically overpay for "the next big thing" or to succumb to paralysis and apathy and take no action at all.
It is inevitable that serious cyberattacks will continue to happen. And it is true that we need to consider the security implications of new technologies, serverless included. However, we must stop our attempts to mobilize decision makers and the public through prophecies of doom and FUD.
To spur meaningful action, we need to be security enablers and offer solutions, not dwell in doom and gloom. We need to focus on the most likely risks and practical means to address the issues we face, not sensationalist headlines and theoretical problems that are blown out of proportion.
Introducing the FUD button
FUD is addictive; we just can't seem to get enough. But we believe that leaders (ourselves included) need to be held responsible when they overuse FUD.
Here at Nuweba, our goal is to avoid promoting misleading information, FUD, and doomsday scenarios. However, some FUD may still slip into our content against our best judgment.
That is why we want our readers to call us out on any FUD material they may find. Please use the Report FUD button when necessary, and let's clear the industry of all the FUD noise and concentrate on what truly matters - practical solutions to real (and not made up) problems.
Try out the Report FUD Button now by highlighting this text!