Have you seen the security ghost?

I’ve been working in information security for a very long time now. And I’ve spent my time trying to convince customers, managers, friends and family that IT security is as important as locking your front door when leaving in the morning. Everybody knows about security, but when it comes down to actions, it looks like a ghost in a Scottish castle: nobody has ever seen it.

Every year, I read articles from analysts: security is the top priority for next year. They spread it to domains, budget allocations, investments… And a year later, what’s actually been done? Almost nothing! I wonder what could be a lower priority when it comes down to the facts. Nobody dares to say that they do not consider security seriously.

Even worse: when investing in security, I very often have the feeling that it is not to make the enterprise more secure but to feel more comfortable. “We have done what we had to do; if something wrong happens, it is not our fault.” How many times have we seen a company experience a security issue despite firewalls, policies, antivirus protection? There are loads of security measures… but no actual security.

Are we still talking about password complexity and people posting their passwords on post-it notes? Are we still running awareness campaigns to make everyone aware of the need for security?

I have to admit that a few things have changed. Companies now have a CSO and a security department. For most of them, security policies are being written… but are they covered in dust, forgotten in a cabinet? Well, at least they exist... Anyway, laws have also pushed some companies to move and this will be reinforced in the coming years.

But all of this is so slow in today’s fast-moving world!

I dream about effective security awareness education. We tell kids not to follow strangers, to close their windows if it rains... We should educate them to use valid passwords, not to leave their computers wide open, to think twice before clicking on the latest sexy picture in their emails… and so many more easy steps that would make this world safer!

Dreaming is great but actions are better. Think about your IT security as your home security. Close the door, turn your alarm system on and call the police when suspicious strangers are walking around, ok?



Michel Nolf

I provide information security officer consultancy for multinational clients and governmental institutions. Being paranoid, like anyone responsible for security, I am quite relaxed at home enjoying family. My work has led me to work with many different cultures that I am so happy to meet during my vacations.

Having worked in security for so long, I have seen the evolution of the mentality, but I dream of more. But dreaming is not enough… Let’s work on it!