Cybersecurity should be breadth-first

Most cybersecurity companies offer more or less narrow solutions to a specific security problem. This is fine; expertise comes from specialisation, and one cannot solve all problems. However, for end-users, this poses a challenge. A salesperson pushes their company's solution, downplaying the security aspects it cannot solve. This may lead to depth-first security, where a few aspects are handled and others are neglected. For example, source code analysis may be rigorously enforced while other security tests are not done.

There is a saying, "a chain is only as good as its weakest link," and it applies to security. Security should be breadth-first. The attack surface should be analyzed and its weakest points should be hardened. Some functions and assets, such as user data and private keys, need more protection than others. Still, investing more in their protection should be based on risk analysis rather than available technology.

At Test of Things, we believe in breadth-first cybersecurity. We use a wide array of tools to assess the attack surface and security functionality holistically. Decisions to assess some parts with more rigour are made based on risk analysis and security standards, not our convenience. We, too, have been involved in selling point solutions for depth-first security in the past, but it is not what Test of Things will do. This is a promise.
