As the holidays approach, even serious-minded IT experts long for a lighter approach to their work. Which is why I wrote the following look at various approaches to cyber security. Though it is a bit facetious, I think it also provides a little food for introspection.
This thinking came out of a conversation with an NTT DATA colleague who also consults on IT and security. We were talking about IT professionals we’ve known, and were discussing the various approaches they take to security. It was Friday afternoon, and somehow we started categorizing folks in ornithological terms. Out of that we developed a short field guide to recognizing these security behaviors. Here is a bit of what we came up with.
The Ostrich: If I don’t look, it isn’t happening.
The Ostrich is a person who set up his/her security systems years ago, and hasn’t had a breach yet. Or at least hasn’t noticed that there was a breach. Since the Ostrich has his/her head in the sand and can’t see what’s happening, hackers could have been in and out many times, rummaging around in the data, stealing personal information, even changing data. Without current surveillance systems, the Ostrich doesn’t really know what has happened. And since the Ostrich is slow to implement changes in response to new threats or environmental modifications, chances are a breach of some sort has occurred.
The Roadrunner: I need the newest stuff fast!
Unlike the Ostrich, the Roadrunner speeds after every new gadget and technology available. Unfortunately, the Roadrunner is moving so fast that there is no time for careful evaluation. Does this new technology align with our risks and fit our budget? The Roadrunner’s answer is, “But everyone says it’s great, so let’s get it right away!” The Roadrunner spends a lot of time trying to figure out why all of his/her things aren’t working as smoothly as expected, and overlooks many basic security strategies that don’t require tools or technology, just good solid practices.
The Albatross: I keep things complicated to keep things secure.
Security is definitely tight at the Albatross’s organization. So tight, in fact, that people give up on getting access to data, no matter how important that data might be. It’s just not worth the effort. That might be why the Albatross’s health system is having trouble reducing redundant tests and imaging studies, and analysts set up auxiliary databases for their inquiries. The Albatross has things locked down so tight that no one can get to anything without jumping through the right hoops – or create a few unauthorized hoops to jump through.
The Eagle: There’s a reason I soar.
The Eagle soars high enough to keep an eye on the threats, risks, and opportunities across the industry, and has the keen insight to know what’s important and what’s not. Basic security measures are all in place as a frontline defense; the monitoring and reporting are solid and reliable and when required, the Eagle has the vision, knowledge and budget to acquire the right tools and support to take swift, targeted action.
So what kind of bird are you? Ponder these characteristics and behaviors, and aspire to be an eagle.
Post Date: 12/19/2017