I have to explain security concepts quite a bit in my job and so I thought I’d share my thoughts with you all for some discussion.
I’m going to keep it brief and then update this blog with the feedback and comments shortly.
There are two kinds of people – those who have been hacked and those that don’t know it yet.
I’m all for a bit of FUD: Fear, Uncertainty and Doubt. It is a good sales technique to be fair – but please, if you are going to use FUD, be accurate. Infosec is getting a bad rap for wild accusations, so let’s keep it real. If you feel the need to use a FUD mantra – how about:
Do you want to be one of those companies that you get to read about who didn’t do anything and then got hacked?
Monitor, Manage and Maintain
Bit of a personal favourite of mine – so for transparency reasons … yes, I am biased!
- Monitor – you have to be looking out to see what is coming your way. Ensure you have adequate monitoring that is telling you of an impending attack. Of course, the critical part of all this is to know your baseline – what is normal? Once you know this, then you can work out what could be going wrong.
- Manage – if you don’t have someone looking after these things, it goes the way of the paperless office … it was a good idea once. There should be a sponsor … a person at the top of the tree who ensures that the top line buys in, then there should be a busy bee worker who is making sure ‘stuff’ happens.
- Maintain – patch, upgrade – do what you need to do to ensure you are always at the edge and not falling into the hands of criminals who love to capitalise on out-of-date systems.
We have [VENDOR PRODUCT] so we’ll be OK
Buy our [VENDOR PRODUCT] and you will be secure
No, no, no, no. No piece of tin will keep you safe. I love this quote, which explains this perfectly: “It doesn’t matter how thick your suit of armour is, you can still get flu.” With humans, there is always a will and a way!
So there you go … my starter for 10 … what security mantras do you use to protect yourself, or what mantras do you train others in?