Billions of dollars are spent every year on security solutions that leave the purchasing companies unprotected against the emerging threats that are the most targeted and damaging to them.
Some of the biggest companies, with massive IT security budgets, have been breached. Their networks are filled with the latest tech, equipment from the most recognized brand names in IT security, and they’ve consulted with the biggest, most respected security analysts and firms. Still, they were seemingly defenseless in retrospect.
The people in charge of their IT and IT security lost their jobs. CIOs and even CEOs have lost their jobs. Some were unfortunate scapegoats. Some were asleep at the wheel and more deserving of their fates.
When questioned and interviewed after the breaches, they pointed fingers at others. They explained how they had checked off all the checkboxes, bought all the best tech from the best names, and received the seal of approval from the industry experts. Still, they lost their jobs.
So, how do you protect yourself against the relentless tide of cyber attacks that threaten to wash you away? How do you keep your job, your career, when it’s almost inevitable that your company’s systems will some day be breached?
The answer doesn’t lie in what you buy, who you buy it from, or whose recommendations you should take when buying. The answer lies in who you are, as a professional, and what you do.
Sooner or later your company will be breached. Keep your job and your career by being prepared for it. Build, maintain, and improve your jetties and levees against the tide. Not just to show you were busy, but that you were actively identifying and responding to potential threats. You knew the storm was coming and you had plans in place, and were acting on them, to preserve your digital assets against the tempest.
When you are questioned, on that inevitable day, will you show them your checkboxes, brand names, and the credentials of those who marketed solutions to you? Or will you have a trail of communications that shows you were actively engaged in identifying the weaknesses of your systems and working to address them? Will you lamely point fingers at others, or will you have a laundry list of threats and weaknesses to show to your inquisitors, items that you are actively working to address and remedy?
Will you be able to keep your job because others view you as irreplaceable for when the next attack comes, or will you be an easily replaceable scapegoat? Will they see that you were asleep at the wheel, or will you be able to show them you were doing all you could to fight off attackers, and that you were prepared to repair the breaches and to keep the ship afloat?
Will you trust your company’s future to flashy marketing, brand names, and the so-called experts? Will you trust your future to them? Or will you trust in your own evidence? Will you gather your own evidence? When you present a lesser-known product or company as a solution, will you have the proof to show it worked better in your network and on your systems than the big brand names that the execs have heard of? Will you test and improve and build defenses that you have tried and proven, or will you be viewed as defenseless in retrospect?
How will you spend your company’s IT dollars? How will you protect your company and your career against the inevitable next threat?