I just got off a phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we’re basically going backwards in time with information security. It seems with the Target breach, the stupid passwords people are still using in 2014, and even today’s new SANS-Norse healthcare security report, it just keeps piling up as if nothing works.
But it can work – if people would get out of their own way.
Looking at it from a psychological perspective (a great way to view security trends/challenges), it’s really about the choices people are making – or not making – about security:
You’ve heard the adage, “if you lie about something long enough and consistently enough, pretty soon people will start believing the lies as the truth.” So many people are thinking that IT and security problems are just getting too hard to handle…that the bad guys are just getting “badder”. The government can fix things with whatever “cybersecurity” nonsense they’re going to shove down our throats. To the cloud so we can wash our hands of all this.
Too many people are acting as if everything is out of their control, like low-information voters at the ballot box.
Like I talked about in this new guest blog post for Rapid7, don’t let history repeat itself so that you get burned. Step up or step aside – somebody needs to fix this stuff.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”