A gestalt is an organized whole that is perceived as more than
the sum of its parts. If you put together a battery, some wire, and a bulb in a
certain way and you still only have the three. Align them in a certain way, you
also get light. You get something that is greater than the sum of the
parts.
Same parts but you’ve created a gestalt.
You can't buy gestalt. The hard work and planning required to find it doesn't have a price tag. This means that your email security tools aren’t by themselves a gestalt
against ransomware.
Tools are just parts.
I'm always astonished that every major ransomware incident produces experts and commentors that opine that
backups are the only tools to defend against
ransomware. You’d think that gestalt against ransomware isn’t possible.
Is it ok to disagree with experts?
Like email security tools, I’ve found awareness training and privilege management are also
just parts. Architecture and process
allows these to be summed with email security tools and backups.
Align these email security tools, awareness training, privilege
management, architecture, process, and backups in different ways and you may end up with an impressive set of completed work items. Regardless of the sum of these parts, successful
deployment of these would make solid bullet points in any security leader's annual review. You
might even get a “good job” from the executive team. Most teams might be satisfied
with that.
But, "satisfactory" isn't "gestalt".
Creating a gestalt means putting in enough thought aligns the above six elements right. It's more than a good team completing the puzzle; the end result should be a great team
creating something magical. Something greater than the sum of its parts. Something
that effecvely mitigates ransomware.
Different teams, same parts – be the team that wants to create a gestalt.
Follow me on Twitter for the latest blog updates: @Opinionatedsec1
SEE ALSO
No comments:
Post a Comment