Fresh Thoughts #6.5: Trust is Earned (Sometimes)

    Newsletter
jumping off a cliff into the sea

Trust is Earned: Part 1

Trust is earned.

Trust is doing what you say you will - over time.

Our strongest trust is often in our family. They pick us up when we fall.

Trust in an old friend who you don't speak to often. But you know exactly how the conversation will go when you do.

Trust in a longtime colleague.

Trust is not unique to cybersecurity.

Trust is (Sometimes) Earned: Part 2

Cybersecurity has a different view. Trust is about certificates, private encryption keys, and "roots of trust". It's about saying X is accurate and hasn't changed.

Trust is centralised.

It's based on a technology backed by an expert or institution.

But what if the technology fails? Or the expert and institution make a mistake? Just like Nvidia did earlier this month.

If you didn't see the news - Nvidia's private encryption keys, used to assign trust to their apps on Windows, were stolen. It took only 24 hours before these trusted encryption keys were used to sign viruses and malware. Meaning the malware became a ”trusted app”.

Experts and institutions are fallible.

Based on experiences and evidence, humans start with limited trust and let it grow over time.

When the cybersecurity industry says - "Trust me. I'm an expert...." then silently adds, "...until I make a mistake." Maybe it's time for cybersecurity to have some humility and learn from everyday experiences.

Maybe the industry should start by earning trust rather than assuming trust and leaving customers to pick up the pieces when there is a failure.

March 18, 2022
1 Minutes Read

Fresh Thoughts to Your Inbox

Fresh perspectives on cybersecurity every Tuesday. Real stories, analytical insights, and a slash through buzzwords.

We'll never share your email.

Related Reads

Freshsec Logo

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.

Resources

Fresh Security Support

Your Questions

Blog

Legal Bits

Your Privacy

Our Terms

Cookies