It’s all your fault, really, it is. Whether it’s a lack of caring, naivety or a misunderstanding you executives of companies and leaders of agencies have helped to create an underground ecosystem for attackers to collaborate and coordinate attacks against all of us. It’s time for a change. It’s time that we all realize that good security is good business.
Maybe if I put it this way. Do you want your organization to have maximum uptime? Do you want to have known manageable long term costs? Do you want your kid’s identity stolen? It’s really that bad. The evidence is there, we see it in the news daily. We need to change the way you think about Information Security and its place in your life.
Things are only going to get better when all C-level executives and leaders of governments step up and embrace a strong information security program that reinforces their business goals. So please listen to your information security team and implement the appropriate changes to strengthen your business and protect everyone.
Oh, and some of your security executives, it’s your fault too. You need to stop proposing every new shiny toy that comes out and focus on the risks that make the most sense to protect your organization. This way the other leadership will see that you are focused on the business and its success and not just interested in playing with fun stuff. On the other hand, if the fun stuff addresses a known risk then you can have your cake and eat it to.
It’s everyone’s job to pay attention to information security and to implement appropriate solutions and practices. Once we get it right at work, we can get it right at home and make a serious dent in the attack actors ability to affect us all.