The Virtual Sky is Falling!

Monday, May 28, 2012

Marc Quibell


Do you ever get tired of hearing the same ol' rhetoric?

  • "Security is suckage!"
  • "We're all getting hacked!"
  • "Security is broken... 'cuz I said so."
  • "Companies are failing to protect their data"

I'm seriously starting to get hacked - at all the doom-speak! Even worse, a few of my fellow colleagues here and elsewhere are falling for it!

Well, I hate to be the bearer of bad news folks, but there is actually an ulterior motive here (and dare I say it?!?!?): MONEY.

The reason people like the CEO of RSA are so critical about everyone else's security is because they have something to sell. They say things like "security models are inadequate," whatever that means.

Might as well say toilet paper is inadequate. As if RSA has a better "security model". Security models will always be inadequate where humanity is involved. This might be something Captain Obvious himself would say.

RSA, please come up with an impenetrable security model. Oh, and do it without trying to sell any of your wares. Not worth the investment? I thought so.

Take a step back and look around for a moment. Ask yourself this question: Do you REALLY think other people are so concerned about YOUR data?

How many IT Sec vendors out there do you think are tossing and turning in their beds, having sweat-drenched nightmares about your data being stolen?

I can see it now (cue the dream bubble): "No, NO! Not Mary's data! Noooooooo! *Pwnd* Ahhhhhh! *cry*"

Here's the problem: opportunists are using an alarmist strategy, bolstered by bloated opinions, to get you to buy their stuff. IT Sec businesses and vendors are not objective sources for security trends, threats and/or events. They are advertisements! And I'm sure they appreciate others spreading the word for them.

The question you should be asking and the topic you should be most concerned with is this: Is my data under reasonable protection and care?

Is my customers' information secure within reason, and are we providing it with enough due care and diligence? What we as security professionals should be providing is reasonable advice and services.

People will stop listening to you if you are overly-dramatic about everything, or constantly painting them a doom-and-gloom picture.

You always have to keep in mind the bigger picture of the security posture, and how well it protects the assets, valued at some value x.

Please stop tooting the opportunists' horn. Sweet dreams.

