We all see, every day, seemingly increasing reports of hacking and cybercrime activity, and the victims appear to be a who’s-who of large and powerful companies and government entities. We all wonder, “if they can be targeted, what can I do?” Yet we continue asking vendors for technical solutions, knowing that these solutions likely reside in companies that keep getting hacked. What is missing?
Although we seem to understand it when we are at home, where we lock doors and check windows and track our loved ones and belongings, we don’t seem to carry that same understanding or commitment into the office. We expect products purchased and managed by IT or the Security Team to fill in those blanks. But is this strategy bearing meaningful fruit? What if security isn’t really about products, a checklist, a set of compliance standards, or analysts’ opinions? What if it’s something else entirely?
We understand that security is a discipline we must all adopt and internalize. A security discussion with us does not begin with shiny objects or checklists. It starts with *listening*. No security effort can succeed without a complete picture of the current landscape in an environment, no matter how many tools are utilized or audit checkboxes checked. It then proceeds to *education*. No good decisions about a path forward can be made until an understanding is reached. This encourages those interested in creating a real, effective security plan to call us for meaningful assistance. The answers may include process, product, procedure, policy, training, or a combination. There’s no way to know without a discussion. Let’s have one today.
Unlike all other tech domains, security is special. Security doesn’t merely eclipse a product set, security touches everything in the environment, both real and ephemeral. Security touches every device, every configuration, every interaction, even, and sometimes especially, devices you never considered as part of security’s domain. Security must be considered in all operations, policies, processes and procedures. Security is an all-encompassing discipline that affects every aspect of the company and the behavior of everyone who is a part of it in any way, internally or externally.