As a Security professional, I see far too many businesses and corporations that have the false the pretenses that simply because they have installed the latest and greatest Security based technologies, that their lines of defense have been greatly fortified.
On a technical level, this is true. After all, these fancy gadgets have the ability to capture fine grained information and data in real time, often using artificial intelligence (AI) embedded into them. And true, they can create colorful and easy to read threat reports to upper management.
But, what if nobody is interested in reading and implementing the results of these reports? Then it can be said that all of the money spent on investing in these Security gadgets has been a complete waste, and this is true. In my opinion, great Security comes when you have a combination of not only the latest and the greatest, but strong human vigilance as well.
In fact, I always marvel at the fact that the United Kingdom and Israel are so far ahead of the United States in this regard. Yes, they do have very good Security technologies, but they also keep a very sharp mindset on the Cyberthreat landscape that is out there. Let’s look at some examples: In terms of the 9/11 attacks, the CIA had received clues that there could be something brewing.
Even the terrorists that went to flight school exhibited abnormal and out of the norm behavior. Did the CIA take up on these clues, or did the flight instructors inform law enforcement authorities about these weird behaviors that were being displayed? The answer is a big fact NO.
And, what about the recent shooting in Florida where some innocent 17 lives were lost. The FBI and local law enforcement agencies received plenty of tips on the shooter, but did they arrest him ahead of time? The answer once again is a big fat NO. Had they done this, this horrible incident could very well have been avoided.
In fact, in the macro picture, the United States as a whole, is still very ignorant and naïve about the Security threats and risks that are out there. It’s not just as a people, but even Corporate America is extremely ignorant as well. With all of this in mind, I came across a very interesting article this evening how a proactive Security mindset should not just be a part of the corporate culture, but rather, it should be embedded into the company’s DNA as well.
Here are some takes on this: “The DNA encompassing everything that relates to the very fibers of the organization. All those aspects of the company that we don’t think about it. When we talk about building cyber into the company DNA, we want it to be part of the normal day-to-day operations. Security needs to be part of what we are investing into the organization and people throughout the year. So that limited resources of time and money never diminish the way the company values security, it must be part of the corporate development life cycle.” (SOURCE: https://www.securitymagazine.com/articles/88802-beyond-talking-the-talk-building-cybersecurity-into-a-companys-dna).
In order to create a proactive mindset, the author of this article proposes a few simple ideas:
- Have a well established Security team:
It’s one thing to have an IT staff that is dedicated to monitoring your IT infrastructure, but you also need to have a dedicated staff of just Security professionals that are just dedicated to that nothing else, so that any risks or threats can be quickly mitigated.
- Create reasonable KPIs:
By this, create goals and metrics that are easy to accomplish on a day to day basis. Forget about monthly or yearly goals, just stay focused on the present. In other words, taking baby steps right is far more important than taking one huge, giant swipe at things.
- Create an onboarding process for your Security goals and team:
It is important to remember that Security simply just does at end a finite point in time. With the Cyberthreat landscape that is out there, this process is a dynamic one, which will change everyday. In other words, embrace Security every day, and not just on a once in a while basis. But above all else, every employee all the way from the custodian to the CEO needs to be involved in this particular process.
Changing the Security mindset of America as a whole to a proactive one will be a gargantuan leap of faith for each and every citizen to fathom. But maybe we can start somewhere, especially with the businesses and corporations that drive our economic growth. In closing, my mantra for great Security is that it takes a combination of both human vigilance and sophisticated technologies in order to truly fortify your defense perimeters.