I’m positioning myself as a new kind of hero. I won’t wear a cape (my legs are too short) but I am fixing cyber crime once and for all. Sure you could spend millions but you won’t be safe. The ONLY way to be safe is to unplug your network. Once you’ve done that, burn your clothes, put a tin foil hat on and curl into a ball and rock yourself to a peaceful sleep dreaming of cyber heaven.
Let’s get some perspective here. For years companies have invested in faster networks with security playing second fiddle to performance. It’s very difficult to espouse something that is ultimately like paying for an insurance policy: there’s no tangible benefit until you need to make a claim. Not so many years ago we still had modems hanging off lights-out management (iLO) ports so you could dial in from home and reboot your AS/400, until the script kiddies worked out war dialers and ruined all the fun. Always on was an absolute must, no compromise.
Security has never been the primary consideration. It’s always been a compromise. If you start with absolute security (remember being curled up in a ball with a tin foil hat on?) and move down the levels from there, every step trades away a little more security, so the magic is in providing adequate protection that doesn’t compromise function. Function is NOT “it needs to be super bang whizzy fast and I’m not typing in any passwords”.
Function is providing the service the solution was designed for. Security is the wrap of education and control around that function, ensuring that the risk of someone compromising the function to obtain data, or preventing it from working at all, is minimised.
If you are in charge of running your network, application, website, social events or even just writing the birthday cards, then you have an obligation to try to protect your data. Don’t leave it to the CISO; get involved. If you are a CEO, make sure that the shiny new network you’ve just bought, or the fluffy cloud you’ve just evangelised about, has the appropriate security measures and educational resources applied to it.
Until we all accept it’s all of our responsibility to maintain a level of control this problem will continue. There are tools and processes you can implement and there are some very good ones at that, but without a sensible approach you are burning cash and paying the new wave of ransomware pirates.
Before anyone comments, check your own LinkedIn settings and make sure you have two-factor authentication enabled... but why would you? It slows you down, right?