Okay maybe dumb is a little harsh, but what we see time and again is that many network security breaches could have been prevented if companies knew what they didn’t know. Let me explain.
#1 Dumb Thing– Many firms are unaware that critical IT systems have already been compromised. How can this be? The Enterprise Strategy Group (ESG), a leading IT analyst, consulting, and research organization, in a recent study stated that many organizations incur security attacks but lack the right security skills and controls to know what to look for and where to look. In other words, someone is right in their back office pick pocketing them and they don’t even know it!
#2 Dumb Thing – Many cyber security problems are rooted in poorly written software. There are many vendors touting the latest intrusion detection, anti-hacker, malware repellent pain relief, poison anti-dote security software. But the question is do they work and how effective are they? In the same ESG study 30% of organizations studied experienced a security incident directly related to the compromise of internally developed software.
#3 Dumb Thing – Organizations are sorely in bad shape – flabby, no discipline, out of shape, wimps when it comes to cyber security practices. Alarmingly, 20% of organizations categorized by the U.S. Department of Homeland Security (DHS) as Critical Infrastructure and Key Resources (CIKR) rated their organization’s security policies, procedures, and technology safeguards as “fair” or “poor.” Furthermore, 23% of organizations rate their executive management’s support for and investment in cyber security as “fair” or “poor.”
Time for a true look in the mirror
Sometimes the hardest thing for a person to do is to look in the mirror, accept their faults and take the first step towards change. It is the same for organizations. It may be time to assess where you are in staff level of skills, governance, oversight, executive support, internal applications, network infrastructure as well as security solutions.
What is your true state? How are policy, people and technology working towards a common secure or unsecure environment? After this assessment then the process of creating a roadmap that will make your organization secure can occur. Think of it like a roadmap for securing your current and future investments.