Users Are Losers: The Cyber Wisdom of Britney Spears
Hold in your mind’s eye that perfect image of Britney Spears. The pre-shorn, seatbelt-abiding, catsuit-wearing Britney in all her superstardom.
Yes, that’s the one.
Now look past the gloss and the scales will fall from your eyes as you begin to understand her guru-like wisdom on matters of cybersecurity. As with Talmudic scholarship and diamond mining, it takes a bit of digging to find the nuggets of wisdom in the Britney oeuvre. But they’re there. Brit’s stark warnings about why we should take cybersecurity decisions out of the hands of users resonate across the decades.
I'm addicted to you / Don't you know that you're toxic? --Toxic, 2003
Britney may have ostensibly been warbling about relationships, but she’s sending all of us a message about an even more toxic relationship: the one your users have with Internet strangers who send unsolicited emails. Their prefrontal cortex says no, but the limbic system says “Yes! YES!” and they click on that phishing email, opening the floodgates to malicious actors who move laterally across your network, wreaking havoc like Sherman’s March to the Sea.
Oops, I did it again… / Can’t you see that I’m a fool in so many ways? --Oops!... I Did It Again, 2000
Nor can users stop themselves from repeatedly making the same poor choices. Here again Britney was referring to relationships, probably. But we like to think she was actually waxing poetic about the perennial fallibility of humans. A key pillar here at QWERX is to remove people from the security chain altogether. Problem solved. How we doing, Brit?
How was I supposed to know / That something wasn’t right here? / Hit me baby one more time --...Baby One More Time, 1998
In this lyric, Britney was talking about relationships maybe? However, scratch the surface a bit and you’ll see that she was trying to tell us all, way back then in the early years of the Internet, that finding attack patterns in the data is a near-impossible task. As she wraps up the stanza, Britney warns us not to maintain insecure networks lest we open ourselves up to repeated attacks, inviting malicious actors to “Hit [us] one more time.”
Work it hard like it’s your profession / Watch it now cause here it comes --Work B****, 2013
Vigilance in cybersecurity is a never-ending task, and external network attacks, like Britney’s hits, just keep on coming. So, rather than ply overcaffeinated SOC analysts with one more case of Red Bull, we prefer a lightweight, robust system that authenticates only devices that belong on the network, keeping outsiders out and reserving that chewy internal goodness for trusted devices.
Before there was spearphishing there was Spears. Wisdom springs from the unlikeliest of places, but user stupidity is everywhere.