Do you ever wonder who these technology research and advisory companies are speaking to when they write recommendations on security? If everyone had eight eyes, ten arms, two brains, and an unlimited budget, security would be spectacular! Well, maybe! Unfortunately, the reality of nature that limits our physiology and budgets dictates something different.
Here’s my advice for them… Security has to be approached from the bottom to the top, within reason, and must be practical. The fact is, even with all the security grandstanding from these organizations, breaches are occurring at a fever pitch with no end in sight. You have to ask why enterprises are still only one connection away from a massive breach from home offices or mobile devices. Piling more complexity into this fact isn’t going to help security because it fosters shortcuts, creates confusion, and, I would argue, favors the attacker.
So when these organizations want to get serious, this is the conversation I would actually listen to. We do not want to hear the constant advice and information being passed on that can only be considered by the top 5% of businesses. Lastly, we need to curb this pay-to-play approach for security because this in itself contributes to the security problem.
Looking forward to that discussion!