Belgium attacks reinforce that security is everybody’s problem

In light of the tragedy in Belgium, columnist Rob Enderle writes that it is more important than ever to rethink our security efforts. People seem to think security is someone else’s problem, but the reality is that security is something we all need to own.

I’ve had some rather unusual security training over the years. One of my earliest jobs was in security and law enforcement, and my course of study in graduate and undergraduate school included covering some of the largest security disasters in corporate history. Oh, and I was an internal auditor leader for a time when we had a tight emphasis on security. And, I’ve actually been a bodyguard.

One of the things I’ve learned is that security is as much a mindset as anything else. Whether you are talking about personal security or securing your firm or country, it is a heads-up game. The most successful are those who are constantly looking for abnormalities and are willing to do what is necessary when they see one to discover if there is a problem. Those who simply depend on tools or others to keep them secure likely aren’t. While these folks may lead far less stressful lives, their sense of security is a sham.

Rethinking business travel

Losing an employee, co-worker, and/or friend is not only traumatic to the people around them, but can set back company efforts related to that person significantly. Having this happen if the trip was avoidable is particularly painful. Over the last few years video conferencing solutions have become both far better and far less expensive. The cost of one system can actually be less than the cost of one trip. Terrorists seem to be attacking central transportation hubs in cities and unsecure transportation methods like trains. One way to keep employees safe is to just keep them, as much as possible, from being in either place.

Rethinking work at home

We seem to yo-yo around the work-at-home option, but most managers now seem to have a grasp of what jobs work best from home and how to monitor employees so they can tell the difference between those who can successfully do this and those who can’t. This not only lowers the risks associated with travel, it can substantially reduce the cost of maintaining offices at centralized locations and hoteling. In addition, tools have improved dramatically over the years so that an office or cubicle can now be automatically provisioned individually for an employee when they first log in to the office.


Rethinking employee security training

Employees are facing a number of increasing threats, both physical and electronic. I recently was made aware of Locky, a new ransomware product that not only encrypts local storage but every piece of attached storage, both physical and virtual, as well. Given users are tricked into installing tools like this, firms should aggressively limit user access to just what they need and when they need it. Also, users need to be regularly trained to recognize and report attempts to phish them for any reason so that other employees, security and management can be made aware of an attack in progress. More typically what happens is we sound an alert only when an attack has been successful, not during an attempt, and, given the amount of damage that is being done, that is simply too late.

Belgium reminds us that an attack can be physical as well, and actively looking for people who are behaving unusually and reporting them may not just save the company, it could save the employee’s life. While I sadly expect that we won’t take this seriously until more of us have lost loved ones, for those who can get ahead of this problem the reward of avoiding guilt will be well earned.


Security is nothing to laugh at

I have a number of funny security stories I could share, but there is little to smile about with what seems to be going on today. Being stupid can have mortal consequences. At the heart of much of the problem is that people seem to think security is someone else’s problem. If there is one overarching thing we can do, it is to accept that security is something we all need to own because with threats like what we are now seeing out of Europe and what we have seen here, that is the only reliable way we can actually be safer.

Something to think about this weekend.
