Print
Category: Breach and Disclosure

 

Dark reading has just posted an interesting article about the "6 Biggest Breaches of 2012, so far".  First off, before you continue to read what I have to say, I suggest reading the article.

 

Ok, so you are back from reading the article, great!

 

What is the trend you are starting to see here ?  Is there a trend ?  what can YOU deduce from the following:

 

I'll get to my point on trend in a second.  however, I want to talk about something that is a fact no matter how you look at it.  Anyone that knows of me, knows of my philosophy that I push of "Security is an Intangible" fact.  You can spend money on tangible items such as:

You can touch or see the benefits of these items, aka, Tangible items.  However you can not see or touch the benefits of Data, Infrastructure, or lump everything together into the term "Cyber Security".  You can't realize how important it is until you have a catastrophic event occur.

You've heard the higher ups say "we are spending too much, we need to cut back" or even "we can't keep up with it, outsource it".  this all works well if the Vendor you selected is above board on everything.  But none really are.  They all hide certain facts, especially if they can't handle it themselves.

When and if there is a Breach, then it's a full blown Panic Mode to patch and get the right things in place. Remember this one important fact.  No one will stand behind the budget cuts they imposed when a Breach does occur.

Hmm, doesn't this resemble a "head in the sand" Management philosophy?

Side note, a vendor during the 20010 Black Hat Event in Las Vegas placed a perfect example of this.  I wrote a small article on this here.

What are the right things when each vendor screams their product is better?  Do you also realize that many "solutions" cause their own idiosyncratic problems ?  "But we need something in place NOW!" Blank Checks are written to plug the hole in the dike with silly putty. There is no other words for it.  Silly Putty.

Panic Mode is a killer and makes organizations do extremely rash and foolish things. See article here on Zappos response last year.  Besides, it makes "experts" cringe.

Panic Mode can be described as:

The lack of ability to function in a normal capacity due to an event that triggers panic attacks.

Dictionary Dot Com labels Panic as:

a sudden overwhelming fear, with or without cause, that produces hysterical or irrational behavior, and that often spreads quickly through a group of persons or animals.
The key words here are "irrational behavior" and "unable to function in a normal capacity".
Anyone in a situation where there has been a recent Security Breach and exhibits signs of Panic, should be removed from the situation temporarily.  Their input is based upon reactions due to Panic Induced thoughts.