Home > Blogs > What it will be

What it will be

I'm flustered at all the attention paid to the procurement of miracle tools.  Security Vendor consolidation is still continuing, and the money made is large.  Will these purchases prevent the next big hack?


It won't be the result of the oh-too-clever intrinsic data wrap-around functions in your new system acquisition, the purchase made with great ado and applause...

It won't be the result of some foreign nation's new Ueber Hackerei, the walking zygote with special genetic engineering that allows it to see all your security holes at a glance...

It won't be the result of an all-nighter, break-it-and-forget-it hacking party, with the kids awash in Dew, pizza, Caffeine and the joy of tearing your systems apart--in time to get a solid eight hours sleep before class the following day...

Your next hack will be the result of a hundred or so seemingly unrelated security oversights.  People know and trust in the de jure security practices your organization claims to insist on (and the de facto who-cares, slopmatic way things are).   It will be caused by the oh-too-busy manager who insists that all others work through silly security-by-obscurity rituals, all the while choosing passwords easily guessed.  It will be the simple, not the complex; the mindless, not the componentized and complicated mistakes; the linking of dozens of failures, not the isolated problem the security snake oil is sold to prevent.

It will be most about people and oh so much less about technologies.

And when it happens, the hack will demonstrate how effectively "no controls & too little security culture" trumps technical Ivory Tower (IT) sold toys each time...

jt

Comments

comments powered by Disqus