Enterprise Security: Keeping Up With the Joneses

Wednesday, November 17, 2010

Javvad Malik


I was going to write about something else but that couldn’t have been too important because I’ve forgotten what it was. Strange how that happens.

What seems important one moment is trivial the next. One day USB encryption is the current flavor and the next day it’s all about Trojans.

So what are security departments doing all the time? One thing they do quite a lot of is keeping up with the Joneses.

Like most social rituals, I’m not sure how the whole phenomenon of keeping up with the Joneses started.

Someone can probably trace it back to caveman times, when Mr Caveman saw that another had a nice-looking club and so set out to carve himself a more impressive one.

Being the proud owner of a far superior club, Mr Caveman could look down on his neighbor. Not only that, he could probably find that he became a far better hunter because of his better formed club.

Naturally, being a better hunter would mean that he would attract the best looking cave-women and have the most children, hence contributing greatly to the gene pool… all because he thought his neighbor had a better looking club.

Bringing it back to modern times: no company wants to be that company with lame security which continually loses data, gets hacked and is fined by regulators. But then neither does any company really have an unlimited budget to implement all the security controls it needs.

So they simply keep up with the Joneses.

You see, everyone is a legitimate target. Whether it be criminals or regulators, everyone is out to get the low hanging fruit.

Criminals want money with as little effort, investment and risk as possible, whilst regulators feel the need to fine companies large sums to make it appear as if they are very active in their role as regulators.

The easiest way to avoid becoming a victim is to ensure you have better security controls than at least some of your competition in the market. So if one bank rolls out two-factor authentication devices, you quickly see the others follow suit.

It’s not an effective way, or a particularly clever method. But if you keep up with the Joneses, you’ll increase your chances of having a thriving business.

Cross-posted from J4VV4D
