SecurityWeek

As a Security Professional, What Will You Be Focused on in 2014?

Security is a Serious Business Where The Bottom Line is The Only Result that Matters. Focusing on the Negative May Not Sound Fun, But it’s Effective…

The first week of the New Year is always one of the more interesting times. Gone are the skeleton crews of the past month and, for the first time, everyone is back together from their holiday breaks and ready to take on the next set of challenges. It’s also the time of year when people make a lot of resolutions that statistics show they have little chance of actually keeping. For the next few weeks the gyms will be packed with those committed to getting in better shape, shedding a few pounds, eating healthier, etc., but the reality is that, by February, things will return to normal levels. This can also hold true in enterprise organizations.

While I’m not going to offer any fitness tips in this article, I am going to suggest a change in the way companies and IT professionals view their security programs in the coming year. Rather than focusing on the vulnerabilities you are addressing and the types of attacks you are preventing, look at security through the prism of an attacker. Where are the cracks in the fortress walls? What vulnerabilities could possibly remain that could be exploited? Be honest in assessing yourself and your security protocols. Ask yourself the tough questions: are you keeping up with the latest patches, technologies, and threats, and do you have the proper team and resources in place?

While I like to think of myself as the proverbial glass half-full type of guy and not someone who obsesses over the negative or potential failures, when it comes to security, it’s always about what could go wrong. When is the last time you read an article about a breach that didn’t happen? Having been in the security industry a long time, I appreciate as well as anyone how tough the job is and the hours and dedication that go into securing an enterprise environment. And while it is human nature to want to congratulate yourself on working hard and what you have done right, the hacker only cares about the one oversight or mistake that will allow them access to your critical information.

This is the mindset you need to have when evaluating your defenses. Security is a serious business where the bottom line is the only result that matters. I know that sounds harsh, but nobody cares that you locked ten doors if a thief walks through door number eleven and steals all of your critical assets. You are probably sick of hearing me say this, but we need to be perfect all the time, whereas a hacker only has to be right once. This is the threshold we live and operate under, and viewing our protocols through the hacker’s eyes will allow us to identify a greater number of potential weaknesses.

While focusing on the negative may not sound fun, it’s effective. Here’s a good analogy: if you’ve ever been through the home buying process, you know that the first step after agreeing to terms is to have a home inspection of the property completed. While you and your family are focused on the fact that you just found your dream house with great views, high ceilings and a big backyard, the home inspector is pointing out that the foundation is cracking, the roof needs maintenance and the electrical is out of date. While Mr. Inspector may have just rained on your parade, he also provided you with a level of critical analysis that will enable you to make an informed decision and avoid a potentially catastrophic event down the road.

A good security director will do the same thing. Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat. When you take a look at the most common ways that breaches happen, it’s baffling that they continue to be the result of simple vulnerabilities or carelessness: unpatched software, weak passwords, lost admin accounts. These are the mistakes that hackers rely upon and that we as security professionals need to get serious about if we are going to have a greater success rate in coming years.

There are going to be a lot of promises and resolutions broken in the coming weeks. Life gets hectic and the best-laid intentions are set aside in favor of immediate issues and problems. I’d ask that all of you as security professionals commit to viewing your networks in a different light in the coming year and making sure that this is one regimen that you don’t break away from. Remember, security is only fun if you are winning.

Related Reading: What Would Nostradamus Have Said About Cyber Security in 2014?
