Whether you attribute this quote to Rita Mae Brown or Albert Einstein, it’s out there and it sums up a lot of security practices: “Insanity: doing the same thing over and over again and expecting different results.”
1. Why are the same threat mitigation strategies implemented time and time again with similar (and often highly public) failures?
2. Is this a factor of the cyclical nature of organisations, governance, risk and compliance processes?
3. Is this a factor of vendor fear, uncertainty and doubt built around their product marketing, development and release cycle? “There’s an upgrade/update for that just around the corner … bear with us."
4. Is this a factor of lazy security practitioners following the flock of sheep and not risking running with the pack of wolves?
5. How does law enforcement keep up with, or ahead of, criminals in the real world? Why can’t we/they do the same in the digital world? Are physical crimes a priority over electronic crimes (or are we stuck in tradition)?
6. What is greater: a) “selling” security to the business, or b) fear of mitigating a potential security breach in the media?
Share with us some positive experiences where the above is the exception not the norm.
This article is brought to you by Enex TestLab, content directors for CSO Australia.