Friday, March 28, 2014

Infosec freaks in a business world

Do you feel like something of a freak when you talk to your superiors about security? Do they look at you as if you were unable to fit into the business objectives? Do you feel there is a gap between what you are expected to say and what you actually want to say? Courage. You're not alone.

Again: you are not alone. Look, for example, at the results of the latest Turkney’s survey on cyber risk perception. Some trends are quite disturbing: the perception that security investments serve only to keep the auditors happy is growing, the perceived return on investment (ROI) is falling, and security is left in the IT department’s hands instead of involving the whole organization. All this despite the fact that many companies admit they have suffered security incidents or information leaks.

Who can make sense of it, right? That’s why we chose today's video, an out-of-the-box one showing a hilarious business meeting in which only one of the five participants knows what is actually being talked about, while the other four are just "business people". A full-blown madness that led Twitter user Herbie Zimmerman (@HerbieZimmerman) to say that he could imagine the protagonist of the video working in the world of security. Don't miss it, because it is priceless.

Perhaps, to understand each other, we should begin with simple things so that nobody panics. For example, explaining that if you have a WordPress blog and you are not careful enough (an outdated core, plugin or theme is usually all it takes), one day you may find your server hosting phishing pages or injecting malware into your visitors' browsers.

Maybe your boss already knows something about these issues, and is suddenly in pain and sweating at the thought of suffering a DDoS attack. Time to make him sit down with you, offer him a glass of water, and explain that a DDoS is neither the most common attack nor necessarily the most harmful one. Well, now you are beginning to speak the same language.

If you are already in the exclusive club of security officers aligned with business goals (or, better yet, you are part of a company that has integrated security objectives into the business), bravo! Then you can surely talk about patch management, which is involved in no fewer than 6 out of 10 vulnerabilities according to the Global Threat Intelligence Report recently published by the NTT Innovation Institute.

On the contrary, if they still look at you funny when you say "we must change the operating system because support for this one is about to end", maybe you can play your best cards when one of the typical hoaxes that, from time to time, land in your colleagues’ corporate email or on their phones shows up. It will be the perfect moment to explain to your boss how a hoax is built, and why that touching message about the girl who needs an urgent operation can be so dangerous.

Security is everyone's responsibility. But making ourselves understood is the responsibility of those of us on this side. ;-)

We invite you to rate our posts, leave your comments and share them on social networks. You can also follow us on our profiles; the links are in the sidebar.
