The holiday season is a great time of year, one of my favorites. Cookies and mistletoe, decorations and caroling, the festive spirit always brings out the best in people.
I’m kidding about the caroling, but the holidays definitely put me in a good mood. Everything looks brighter, and my attitude is more positive. I generally feel better about life, even if circumstances haven’t changed.
So I suppose it’s no surprise that I’m here to provide each of you with a fresh perspective on your information security headaches. Yes, I’m sure you’ve all had serious problems this year – technical, financial or operational – and you’re expecting more in 2012. But now is a time for reflection. A time for renewal. A time to forget old acquaintance, and auld lang syne.
So get yourself a warm cookie and a chilled goblet of your favorite Christmas cheer, and grab a cozy in front of the fireplace while I attempt to make eggnog out of rotten security eggs.
- You’re only as bad as your last fail – We’re all human, and we all have the same defensive mechanisms. This means that, in general people will only remember your last disaster. So cheer up! The SQL injection flaws you left exposed in April don’t matter anymore, all that matters today is the massive databreach from November. Tomorrow is a new day.
- The good guys will always be behind – By definition, we will always be in reactive, defensive mode, but that’s OK! If you do the math you realize that they can’t get all of us. Also, we may be losing the race but there are only two runners so we’re guaranteed second place. That’s a silver medal in some contests.
- There are no guarantees – There is no such thing as 100% secure – so find comfort in that fact. The day I gave up thinking I would ever dunk a basketball was a happy day, I just didn’t know it yet. Mediocrity can be invigorating if given a chance and approached with the right perspective. You’re as likely to secure your enterprise as I am to dunk a basketball. Enjoy.
- It’s always going to be this bad – Things in the information security Universe are frighteningly bad, but it’s always been this way and it always will be. So relax – there’s no sense killing yourself over something you have little control over. Read a book. Go to lunch. Or even better, get your Law degree and save your career.
- Everyone else has problems, too – If all of the above attempts to freshen your perspective have failed, rest easy – the bank across the street really has it bad. So does the hospital you go to. And the fast food chain where you had lunch today. Oh and don’t forget about your car dealer, your kids’ college and your church. And every other business within visible range. In fact, you’re probably no worse off than anyone else. So take a deep breath and revel in the fact that everyone sucks at security.
By now you’re probably ready to build a snowman and donate your bonus to charity, so I’ll let you get back to your holiday preparations. Just remember that there’s a bright side to information security and there’s no better time than the holidays to celebrate that fact.
I feel better already.
GreyCastle Security was founded on the core principle that internal and external threats, misuse, organized cybercrime, system complexity, data breaches, hackers and vulnerabilities are growing at a far faster rate than organizations capable of dealing with them.
We read new headlines every day, and the stories have gotten closer and closer to home. The banks, grocery stores, school districts and fast food chains down the street have all been hit, and these are just the incidents that we know about. Russia, China and Eastern Europe are still turning out increasingly sophisticated cybergangs capable of crawling into networks, databases and bank accounts.
The United States isn’t far behind.
Malware variants and hacking tools are proliferating, and they are becoming increasingly difficult to detect, prevent and eradicate. Open source crimeware kits have given cybercriminals a fast, simple and effective way to create new malware – anyone can be a hacker.
Given the growing complexity of our networks, applications, hardware and software, it’s difficult to keep up with the mounting vulnerabilities that expose our critical assets and bring risk to our businesses. Add cloud computing to the mix, and you have a vast new set of moving parts to secure. Many industry experts see the current state of cyber-insecurity as a countdown to inevitable disaster.
We see it as a wakeup call.
Through all of the noise come a few simple truths:
- “92% of attacks were not highly difficult” – 2011 Verizon Business Data Breach Investigations Report
- “96% of breaches were avoidable by simple or intermediate controls” – 2011 Verizon Business Data Breach Investigations Report
At GreyCastle Security, we’ve proven that through a system of security fundamentals, you can reduce your risk and protect your sensitive assets.
We look forward to partnering with you on your next security initiative.
Welcome to the GreyCastle Security blog!
Subscribe and get the latest information security news, tactics, tips and procedures. If you run a business in New York’s Tech Valley, you’ve come to the right place for security and compliance guidance.