Friday, 29 November 2013

Cyber Broken Windows Theory

In 1982, a now-famous paper by James Q. Wilson introduced the Broken Windows Theory. Consider a building with a few broken windows. If the windows are not repaired, the tendency is for vandals to break a few more windows. Eventually, they may even break into the building, and if it's unoccupied, perhaps become squatters or light fires inside.

This theory has an uncanny parallel with current information security practices - poor security hygiene allows cybercrime to flourish. Consider a computer with a few unpatched vulnerabilities. If the vulnerabilities are not patched, the tendency is for criminals to start exploiting them. Eventually, they may even break into the computer, and if it's unprotected, perhaps add it to a botnet or just trash it.

By not patching our systems, we are not just victims of cybercrime, we are unwitting accomplices.

One unrepaired broken window is a signal that no one cares, and so is one unpatched computer.

Phil Kernick Chief Technology Officer
@philkernick www.cqr.com

 
