There’s a very tried-and-true saying in the security world: “Security through obscurity is not security.” It is extremely common for users of technology to assume that “the bad guys” will not know how to break in, steal, hack, alter, or achieve whatever damage is in question. A similar belief is that “they wouldn’t be interested in my data.” People very, very commonly believe that they have “nothing of interest to a thief” on their hard drives.

But on the topic of security directly, even IT professionals often take a “not me” mentality, whereby they either assume they won’t be targeted, or assume that the “bad guys” will not discover a vulnerability that the IT folks know exists. For example, they have a wide-open application vulnerability where a certain script doesn’t require authentication, but it would require an attacker to know what script to run. Rather than secure the hole, the Powers That Be decide that it’s just so unlikely that anybody will discover it’s there, they can rely on that fog of obscurity to keep things happy.

That’s called “security through obscurity.”

It’s a very, very dangerous thing.

Perhaps one of the most reliable truths in life is that that which is “obscure” won’t be obscure forever. You can count on that.

Secure your data through real security. Don’t rely on obscurity.