Kevin Beaver's Security Blog

Security is a Choice

As the saying goes, the more things change they more they stay the same. It suits what’s happening with security just perfectly. It’s common knowledge that computer security is a problem that affects every business and every individual in some way. Security best practices are available. The rules have been laid down. Why are breaches still occurring?

I think to myself, on the surface there’s:

• information systems complexity
• untrained IT staff
• people not using the right tools and methodologies to uncover vulnerabilities
• limited budgets

Blah, blah, blah…We’ve been talking about this stuff for years! The deal is – security’s a choice. Just like everything else we do in business and life, we’re either contributing or we’re taking away. There is no in between. You either support information security for the betterment of the business or you don’t. When management chooses not to give security the real attention it needs…it chooses the consequences. In particular, when managers ignore security assessment report findings, training requests, and policy enforcement needs, and instead, bury their heads by choosing to believe that security doesn’t affect the business – or technology is the answer (ha!) – then they’re masking the real problems.

How many more entries are going to be made into the Privacy Rights Clearinghouse Chronology of Data Breaches? Just look at it. Today it’s at 166 million+ compromised records and growing by the day. And, it’s chock full of stupid security oversights – things that could’ve been prevented. How many more security breaches will occur that go unnoticed or unreported? Well, I guess we won’t know – but you get my drift.

Wake up business managers and executives! Your business is bleeding and only you can stop it.