The security team at Forrester busts several security myths.
Recently, an op-ed sent information security (infosec) Twitter into a tizzy by blaming the cybersecurity industry's best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed served up a number of security myths that we feel compelled to bust here.
Myth #1: The best infosec professionals have never had a security incident
The Forrester Security and Risk (S&R) team quickly calculated that most of us would be unemployable if security teams only hired people who had never worked for a breached firm.
Breaches are learning opportunities for companies, practitioners and the industry as a whole. Gaps in visibility, procedural errors, poor execution, poor judgment, and incorrect or incomplete information can all contribute to a breach. We learn how to defeat them by sharing that information, without shaming the people involved.
Myth #2: Perfect security exists
Not only have many of us worked for the firm of a breach victim, but incidents are inevitable. Responding to the Forrester Analytics Business Technographics Security Survey, 2020, of global security decision makers, one percent said their firm's sensitive data had been compromised at least once in the past year. Incidents happen. Breaches happen. Smart organizations do not throw stones or chase ambulances, but approach security with a post-breach mindset.
Those who do not understand security believe that zero-incident security is achievable, or that a chief information security officer can guarantee it. These misconceptions stem from a failure to distinguish between security and risk. If you want perfect security, disconnect from the Internet and unplug every computer. Because that is not realistic, security teams take calculated risks and determine the extent to which the organization can still do business while minimizing the possibility of a breach.
Myth #3: Security best practices are academic ideals that do not work
It is easy to criticize "security best practices" as not strong enough to stop attacks, but most experts will tell you that a breach is rarely due to inadequate best practices, and far more often due to best practices that were not followed. Statements about the need for a "renaissance" in security fail to understand, or to empathize with, the depth of the challenge. It is easy to say that the security industry needs a new awakening; it is difficult to say exactly what that looks like and how it addresses the challenges we face. It's easy to say, "Let's implement zero trust." It's really hard to be the one who has to implement it. Anyone who has worked in a kitchen can explain why, content marketers know that a blog post full of buzzwords is not enough, and product managers know they cannot implement every killer feature they want right away.
Bust the myths and drive the change that security really needs
The saddest thing is that although these myths ring false to most security practitioners, there is a subset within IT and the business that believes them. After all, security does not necessarily enjoy the rosiest reputation, and that is something the profession is working hard to correct. Unfortunately, this lack of support is unhelpful at best and deeply detrimental at worst. In fact, one of the main causes of security burnout today is the lack of organizational support.
While it is easy to get frustrated with old and outdated ideas, there are steps you can take to help others understand the difference. When you create a culture of security, focus on transparency, breaking down silos, and sharing the reasons behind best practices as well as the successes they have achieved.
A security-conscious and transparent culture has the potential to make or break your security programs and your brand. It does not appear by miracle, but by taking a methodical approach: 1) set the tone from the top with your board; 2) build human-centered security programs; 3) build support, manage barriers, and navigate politics; 4) break out of the silo with security champions, whether those are developers who help you address application security issues or champions who help you rebrand; and 5) trumpet your progress and successes throughout the organization.
This post was written by Principal Analyst Sandy Carielli and originally appeared here.