We see an ever-increasing number of news stories about the threat of cyber-war, the need for cyber-warriors and cyber-weapons, the rise of the Advanced Persistent Threat (APT), the risks that Bring Your Own Device raises, and the security issues with Cloud computing. If we simply consume these stories without asking “why?”, we may never learn to understand the motives of those behind the story.
Why are vendors pitching story after story about the above issues? Is there a genuine concern that we should be aware of, or is it simply a way for vendors to make companies more nervous about their security and therefore buy their products? Is all the talk and hype about cyber-warfare and cyber-weapons something that we all should worry about or is it a way for vendors and other interested parties to create a perceived need for governments and industry to provide funding in this area? By asking “why are these stories appearing in the first place?” we can better understand the issues that really affect us as professionals, as a community and also affect our organizations.
The question “why?” should not just be reserved for vendors, pundits and those in the information security industry - we should also look into our organizations and ask the same question of them. We need to better understand the business that our organizations are conducting so we can better protect them. By engaging with our business colleagues and asking them the question “why?” we can better understand the issues the business is trying to address. It can help us eliminate unnecessary distractions and allow us to focus on delivering real value and benefits to the organization.
Let’s stop being distracted by the “who?”, the “what?”, the “where?” and the “when?”. Let’s focus instead on the “why?”. It is time to reignite the curiosity that drove the early pioneers of the security community and make “why?” a useful tool once again.
Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, wrote the book ISO 27001 in a Windows Environment and is co-author of The Cloud Security Rules. He regularly contributes to a number of industry-recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites.