The best description I’ve heard of cyber security comes from
a recent Forbes magazine article. That article describes cyber security as
having to defend your house in a bad neighborhood without being able to lock
the front door.
The cyber security industry provides us with a cornucopia of
products and services upon which we spend tons of money and yet the house is
still regularly robbed and often burned completely to the ground. And then we
repeat the process expecting different results.
We are in a race towards mediocrity. Strangely, we may be striving
for it.
We’ve raised the job entry bar on certifications that don’t
account for critical thinking.
Staff know frameworks but don't know how malware works or how to stop it.
We don’t manage or train cyber security staff well with the
fear that they’ll leave.
We foster the idea that being “industry average” is some
sort of cyber high ground.
But, the goal of a cyber program should not be mediocrity.
It should be to facilitate the organization's strategic goals by protecting reputations, building trust, and preventing unauthorized disclosure of information. Being mediocre makes that hard to do.
My evidence is the number of organizations that are breached each day.
And yet, we continue to follow the same approaches as those breached organizations and call it best practice.
It’s easy to say that the model for cyber security has to
change.
The much harder decision is to own that change as cyber
leaders.
And then, lead to find a better way.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on Twitter or LinkedIn and I'll read
it.