The 10 Worst Cybersecurity Strategies

Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster. You know who you are…

Let’s count them down.

  10. Cyber-Insurance
    No need for security, just get insurance. Transferring risk is better than mitigating it!

Famous Last Words: Sure, it should be covered

  9. Audit Confidence
    Conducting a comprehensive security audit... and ignoring the results

Famous Last Words: We will close those gaps later...

  8. Best Tools, Left Unmanaged
    Deploying several good tools, set to autopilot. No need to manage or maintain anything

Famous Last Words: Security is not that difficult...

  7. Regulatory Compliance
    Meeting the minimum requirements (defined 2 years ago)

Famous Last Words: Relax, we are compliant!

  6. One Good Tool
    We just need one good tool (e.g., AV) and we are set.

Famous Last Words: That should do it.

  5. IT Dependence
    Cybersecurity is a tech problem, it's IT's responsibility.

Famous Last Words: The IT dept has it covered.

  4. Security by Marketing
    Believing the snake-oil (deceptive marketing) salesperson who will 'solve' your security problems

Famous Last Words: We are totally protected now! (or similar derivative from the sales brochure)

  3. Default Security Settings
    Products and services come with security built in!

Famous Last Words: It's new, shiny, and looks secure. Don't worry, we should be fine!

  2. Security by Obscurity
    Nobody knows or cares about us. We are too small to be targeted.

Famous Last Words: We haven't been attacked yet...

  1. Hope, as a Strategy
    I hope we don't get attacked. Let's move on with more important things.

Famous Last Words: Just don't think about security because it is too scary, expensive, and complex!

This is the menu that evokes anger, frustration, and pity among cybersecurity professionals around the globe. Eventually it always ends in despair, blame, and a side of tears.

A solid long-term strategic plan is a necessity for efficient and capable cybersecurity. Cybersecurity fails without a proper strategy.

Interested in more? Follow me on LinkedIn, Medium, and Twitter (@Matt_Rosenquist) to hear insights, rants, and what is going on in cybersecurity.