We will be Invincible

Continuing the trend of IT Security topics in my writings (you might think that I am doing some work that somehow ties to IT Security…), I ran across an article in Forbes posted on March 4th, “Security Statistics Show That We Need To Reinvent Enterprise IT”.  In this article, there are some staggering statistics regarding first the number of security breaches in large companies last year – “During 2013, at any given time, between 68% and 82% of the S&P 500 companies had been compromised with an externally observable event”.  Further in the article a survey revealed that IT employees of these large firms state that “Businesses Put the Blinders On: 73% of respondents believe their organization is safe from security threats”.

In my last post (“In The City”) I stated “Organizations pay for virus protection based on how they value the risk to the organization and how clients or customers would view their decision.”  I am thinking now that I should rephrase this to add the word “should”.  Organizations SHOULD pay for virus protection based on how they value the risk to the organization and how clients or customers would view their decision.  As it may be that organizations are willing to tolerate security risks to deploy new systems, tools and technologies to meet shareholders’ profitability demands.

Gosh, big companies taking risks in the name of profits.  Shocking, eye opening, and happens every day.

Some industries, such as Pharmaceutical, Healthcare and even Financial, have to meet government-imposed regulatory requirements, and these now include some requirements around data security.  Non-compliance with these regulations can lead to severe penalties.  These regulations do not consider many of the ever-evolving threats in IT security.  Thus the corporations are on their own to decide their risk tolerance and determine investments in security.

Many companies now utilize a GRC program or board (governance, risk and compliance) to ensure that the company is operating ethically and to address regulatory compliance, and it is being applied to IT departments to ensure they support the current and future needs of the business and comply with all IT-related mandates.  The challenge is that this is not an automated process that continually monitors progress.  In most cases it is an audit-based function that reveals problems only after the audit takes place (if it even reveals all problems).  In general the GRC program team does not have the technical expertise to ensure proper measures are taken to avoid breaches and relies on the IT departments’ assurance.  The IT department is driven to meet budgets and support the needs of the business.

Security is not a need of the business until an event has occurred.  Therein lies the problem. So here is your bad 80’s tune reference:

It’s a do or die situation – (until then) we will be invincible.


30 Responses to "We will be Invincible"

  1. Going to put this article to good use now.

  2. I actually found this more entertaining than James Joyce.

  3. Yup, that should defo do the trick!

  4. Hats off to whoever wrote this up and posted it.

  5. Right on-this helped me sort things right out.

  6. I see, I suppose that would have to be the case.

  7. Well done article that. I’ll make sure to use it wisely.

  8. Great hammer of Thor, that is powerfully helpful!

  9. Great common sense here. Wish I’d thought of that.

  10. God help me, I put aside a whole afternoon to figure this out.

  11. I think you’ve just captured the answer perfectly

  12. That’s a well-thought-out answer to a challenging question

  13. Very true! Makes a change to see someone spell it out like that. 🙂

  14. That’s 2 clever by half and 2×2 clever 4 me. Thanks!

  15. Pleasing to find someone who can think like that

  16. None can doubt the veracity of this article.

  17. Finally! This is just what I was looking for.

  18. Essays like this are so important to broadening people’s horizons.

  19. What an awesome way to explain this-now I know everything!

  20. Way to use the internet to help people solve problems!

  21. A good many valuables you’ve given me.

  22. Now we know who the sensible one is here. Great post!

  23. How could any of this be better stated? It couldn’t.

  24. Surprisingly well-written and informative for a free online article.

  25. Wow! That’s a really neat answer!

  26. Thanks for being on point and on target!

  27. If time is money you’ve made me a wealthier woman.

  28. Whoa, whoa, get out the way with that good information.

  29. What liberating knowledge. Give me liberty or give me death.
