Recent breaches and ransomware attacks bring further attention to a long-standing issue of poor cyber security practices. They also set off a flurry of security product hustlers claiming that their product stops, reduces, or in some manner addresses the issues contributing to these attacks.
Advancements, tools, and new technology are welcome. The warning I pose is that you cannot build a castle on a foundation of sand. According to an article in Homeland Security Today, many of the major breaches we have seen over the past 24 months could have been avoided if applications and operating systems had been patched in a timelier manner.
This bit of information points out an area that warrants consideration. When organizations look to innovate, digitally transform, implement tools, automate, or any combination of current collective buzzwords, doing so without a sound foundation creates a recipe for disaster. There is a reason the phrase “when all else fails, get back to the basics” stands the test of time.
Rather than repeat the list published every time there is a breach that speaks about patching, updates, backups, etc., I do want to inspire organizations to make a concentrated effort to cover the basics before attempting to build an innovative security program. Starting with the basics enables you to build that mature and innovative program.
The situation is comparable to when I owned a Martial Arts academy. Students start as a white belt, which begins to build the foundational knowledge to become a Masterful Martial Artist. I used a speech at my Black Belt ceremonies that is fitting, and aids in explaining the message of this article.
“Students, now that years of training, sweat, and sometimes blood have awarded you with the sought after Black Belt, I encourage you to feel that sense of pride and accomplishment, and remind you that this belt merely represents you have achieved a level of understanding, and the foundation which now enables you to become true Masters of your craft.”
Simply put: Mature your enterprise security program. Build and enable innovation. Just ensure you do so upon a solid foundation with continuous improvement as a mantra.