This Week’s Lesson on Good Security

Physical and digital security aren’t that far apart in principle. This week’s attacks on NY and NJ are another reminder that we need better security. We’re getting hit on all sides. Governments are infiltrating our data, aggregators are profiling us far beyond any security check point or law enforcement group. And terrorists are hitting us in the streets.

Security is not a political question, it’s a science. Protection, detection, response. Three parts of a well defined system that work, when properly sequenced and timed. On the data side, as I shared with the Allinal Event attendees this week in San Antonio Texas, IT groups have been lulled into unnecessary product purchases, chasing meaningless compliance regulations (not that all of them are meaningless), and putting their faith in technology to keep out the perpetrator.

This morning’s Wall Street Journal offers a sobering insight from someone who’s experienced terrorism overseas as part of their daily life. Bret Stephens writes,

“What’s the lesson here for Americans? This past weekend’s terrorist attacks hold at least two. One is that there is a benefit for a society that allows competent and responsible adults to carry guns, like the off-duty police officer who shot the knife-wielding jihadist in St. Cloud, Minn. Another is that there is an equal benefit in the surveillance methods that allowed police in New York and New Jersey to swiftly identify and arrest Mr. Rahimi before his bombing spree took any lives.”

A change is needed in our mindsets on security. Security isn’t compliance or politics, it’s life. In the digital world our intellectual capital is being taken even day, bank accounts drained from fraudulent transfers, and businesses crippled by ransomware. On the streets, the expectation is that the police will be there just before the bomb goes off, on the network, we expect firewalls and antivirus software to stop every attack in it’s tracks…but they won’t.

Great security means being able to detect something is wrong before it’s too late, and having a well-rehearsed, timed response plan, that can stop if before damage is done. New laws and efforts to keep the bad guys out never work.

P.S. If you’ve not yet read Digital Money, The Smart Business Leader’s Guide to Stopping Hackers – it’s on Amazon right now!