There is an old adage that has stuck with me since my early Navy days, never assume, because it makes an ass out of you and me.
When it comes to business security, assumption is a really bad place to be. It happens all of the time! We are assuming that the bad guys are only as clever or dumb as the person who puts the security together.
We have seen, heard, read and demonstrated that this is not the case. The criminals who use the digital world to perpetrate their crimes are neither stupid nor dumb. In most cases, especial in the true criminal environments, they can be exceedingly clever in their chosen field.
Their chosen field is using technology to separate you from your money, your trade secrets or your technology.
They are very good at it.
Why is it
In most business environments, small, medium, large or not for profit, the ICT department / person / person who knows computers is full on keeping systems working. They are firefighting, troubleshooting and just keeping their noses above the level of crud that is the job.
The do not have time to implement stringent security measures so they revert to ‘easy wins’.
A firewall, maybe an acceptable use policy, anti virus and updates. Anything that they can implement in a couple of hours and tick the box that says they are now secure – usual because the sales person said so.
In today’s rarefied cybercrime environment this is no longer enough.
It is not their fault, there are not enough hours in the working day to implement most of the strategies for a secure business environment.
This is where an external cybersecurity contractor comes into it. A contractor who will augment your system, make it more secure, test it and deliver outcomes that, although expected, never usually eventuate inside the business.
Like everything else in today’s world finding the right one, one that is not going to rip you off, one who knows there stuff and one who uses or has developed a framework for security is very hard to find.