Corporations in all sectors share a common goal: to make money. This is not an eye-opening statement, but the following might be: “Corporations in all sectors share a common theme – they barely (if ever) care about security.” While some reading this may simply stop at that statement and whisper “he is insane,” many tasked with information security would wholeheartedly agree with me after reading this in its entirety.
During my thought process while writing this, I kept remembering a common statement from many clients, peers, and readings about the topic of security: “Management doesn’t care. Security is not in the budget… they don’t get it.” This train of thought repeats in many of the articles I write …
I blame the IT workers. Imagine for a moment you are going to work. You get in your car, then take the train to your office. When you arrive, you walk up an escalator or take an elevator to the thirteenth floor. On the way to work, your car breaks down out of the blue, or the train stops. The escalator? Well, it starts going backwards, or the elevator just drops midway through the trip. Would you be upset? Would you file a lawsuit? Why is it that when your vendors (the companies you do business with) fail you during a breach, you simply shrug it off? The engineer should have brought it to management’s attention: “Hey, this is a subpar thing we’re doing here.” This is what engineers do. IT workers? Usually, the tail goes between the legs and little is said. [6]
Engineering [7] was once a profession, but now engineers come a dime a dozen; in fact, many are coming right out of grade school. Everyone is an engineer, yet no one is building anything worthwhile. Firewalls, Intrusion Prevention Systems, Data Loss Prevention Systems, or, as my manager would say, “Bunkeeyon Debunkulators.” Security has become a used car lot, a real-life Field of Dreams (“if you build it they will come”), where many security hardware and software vendors are often snake oil salesmen delivering to …
Management doesn’t get it, because their staff hasn’t made the business case. Awareness is lacking across all levels of the organization. Not just from the upper-level managers, but more importantly from the “engineering” staff. Now, many readers overlooked the “everyone would need to enter a password” statement in the last paragraph, and many would have been content with just locking the said printer away in Fort Knox. The IT staff, they won’t bring up creating passwords for a printer, because that would require more work. Bigger locks would not stop someone from remotely accessing that printer, so the security becomes a moot point. However, having a different set of eyes can enable organizations to clear up security tunnel