Humans, by our nature, are optimistic.
It's an evolutionary necessity.
But working in cybersecurity, that's easy to forget.
Scammers are constantly trying to dupe the naively optimistic among us.
I've written in the past about trust.
And over the weekend, I heard a phrase that I used constantly when I worked with audit and security certification.
“Trust, but verify.”
I can't count the number of times I've been told, “MFA is enabled for all accounts.”
Only to find, a few months later, a breach occurred because an account didn't have MFA enabled.
Many years ago, I understood that the phrase came from Ronald Reagan.
However, a Sunday evening trip down the rabbit hole found a different and more interesting origin story.
It is true that Reagan popularised the phrase in the early 1980s.
But the phrase comes from the Russian proverb “доверяй, но проверяй”.
Literally, “Trust, but check.”
Which is attributed to a 1914 pamphlet published by Lenin.
Lenin wrote, “Put no faith in words; subject everything to the closest scrutiny...”
What I find most interesting is that Reagan's repetitive use of the phrase was about building a connection with the Soviet Union via an area of agreement.
It was intended to break from the past and attempt to thaw Soviet-US relations, ultimately leading to a nuclear arms control treaty.
It was pure diplomacy - something lacking in today's world.
And out of this came a phrase that every experienced cybersecurity professional will have heard many times and may occasionally use.
As optimistic creatures, we will have a tendency to trust.
But when was the last time you checked a crucial linchpin detail?
It's why we have audits.
To trust, but verify.