We’re all familiar with today’s ever-changing security challenges. It seems every week there is another major news story about a security breach at or related to one of our well-known household brand names. So the question arises: if these well-funded, well-resourced Fortune 1000 companies can’t properly protect themselves from the dynamically threatening technology landscape, how is the typical SME/SMB supposed to be able to solve these same problems?
Two years ago there was a big argument that compliance was going to save the information security industry. The industry became driven by compliance to the point where compliance became an industry itself. While there have been many benefits to compliance, there has also been an ironic downside in that it has fostered a false sense of security.
Many of the government frameworks, security standards, requirements, and other enforced attempts to address risks to enterprise systems, and the critical data in them, have become exercises in reporting that divert security program resources away from what is needed to defend appropriately against constantly evolving cyber attacks. As important as they are to good citizenship and industry/government collaboration, most standards are simply feel-good insurance policies that raise comfort levels but fall flat when it comes to protection.
It’s crazy how fast we as humans can adopt bad habits. Experts say it takes roughly 21 days to form habits in general, but somehow creating damaging ones takes a fraction of the time. They can even exist in the workplace, where ramifications can cause professional fallout. So whether it’s looking for shortcuts to make any given situation easier, trying to avoid hard (and often long) work, or that we were simply taught wrong, bad habits are easy to form and hard to avoid.
With so many data breaches in the news these days, it surprises me a little that companies aren’t getting serious about securing their infrastructures. After all, a data breach is a serious matter. Your customers and partners trust you to keep their information protected, and that expectation is something that too many companies aren’t treating appropriately. When a breach occurs, that theft or leakage can have a significant impact on your organization (and your career). Consumers and companies alike expect their information will be safe, from your website all the way to your databases.