All things security in 2019 – still an afterthought. Why is that? The leading risks to business are still directly tied to security controls and yet, most businesses, including startups are still trying to tack on security at the end if at all.
Wikipedia says Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others.
Could it be that we have the thinking “not in my backyard”? Potential harm.
I have been working in the field for more than a few years and selling security, well it feels like we have to sell it, even now in 2019. In fact, there are too many vendors selling security snake oil making my job harder. Too much convincing going on.
A business should tie security controls to business risk, of course. We have rules that set the standard baseline – and still, there are businesses out there with the attitude of “that won’t happen here” and they forego the rules, the business risks and go full throttle “playing chicken” with security. What pains me, is that they get away with this for a little while, they get comfortable and the vendors selling security blankets are enabling this behavior. When the harm comes and it does, some businesses survive the hits and some don’t.
Personally, I don’t like “Selling” security, convincing on security as a business enabler, growth platform – it is increasingly frustrating to be in this position.
60 percent of small businesses fold within 6 months of a cyber attack and yet, they still play “cybersecurity chicken” with the system. In 6 months, those companies will be the afterthought, if they aren’t big enough to survive.