By: Douglas A. Nagan
Initially, when faced with threats, man had to choose between ‘fight’ and ‘flee’. In these times, we have many more choices because, along with the increased number and sophistication of threats, we have created improved strategies, technologies and techniques to address them. In the cyber area, as you well know, the threats include viruses, hackers, trojans, phishers, and numerous other malware creations. There are many efforts underway to combat these threats. Unfortunately, we also see many failures that share the following characteristics:
- Myopia - a focus on the obvious to the exclusion of other potential threats. A good historical example is the Maginot Line, the French series of fortresses and defenses created in the 1920s and 30s to prevent a German invasion. The French did not create a defense on the Belgian border because Belgium posed no threat. This left them totally unprepared when the Germans went around the Maginot Line and invaded through Belgium. This failure to recognize broader strategic risks is not confined to mid-twentieth century French myopia, but is alive and well in organizations today. We see organizations installing the latest secure firewalls and then letting staff connect their smartphones directly into the protected network – commonly called ‘Bring Your Own Device (BYOD)’ – thus bypassing their own security ‘Maginot Line’.
- Willful, Head-in-the-Sand Ignorance – the belief that “it won’t happen here.” This is generally founded on the concept that we are too small, or pose no threat, so we will be spared. The mistake here is to think that the malware activists are looking for some specific asset. The truth is that many are just looking for vulnerabilities that can be compromised. Many are interested in proving they are smarter, so being small or posing no threat is irrelevant. In the cyber environment all are potential prey; none are spared.