As we continue down the path of yet another major security breach – this time with the ransomware WannaCry – let us remember that it’s not just about the criminal hackers, out-of-control government agencies such as the NSA, or vendors such as Microsoft putting out vulnerable software. Every single one of us working in IT, security, and business today is complicit in these challenges.
I don’t know how many more widespread breaches we’ll have to endure, but I do know that everyone has a hand in these challenges before us. We can continue down the path of promising that we are compliant and secure when we are, in reality, reacting aimlessly to everything that happens. I know that managing enterprise IT environments is not easy and I certainly don’t envy anyone responsible for securing them. Still, there is so much that most organizations are leaving on the table. But why?
Is it people protecting their territories under the guise of long-term job security? Perhaps it’s lack of budget or management buy-in? Maybe it’s an out-of-control user base continuing to not think before they act…?
Whatever it is, it needs to change. The criminal hackers and those supporting them are not going away. In fact, they look at issues such as the WannaCry ransomware outbreak as yet another reason they need to keep doing what they’re doing. As the saying goes: change before you have to.