I’m something of a movie fan, that is if it’s a quality movie. And one of my favorite directors is Ron Howard. He takes events in the real world and captures them onscreen in a compelling and impactful way. And I constantly find myself challenged by how to communicate the importance of data security to my readers at the policy level and not as just another IT issue. But James Braddock, protagonist in the excellent movie “Cinderella Man” does it so well with so few words.
You Have To See It To Defend Against It
There’s a scene where Braddock is getting another chance to fight for money and has possibly found a way out of his family’s abject poverty. He has lost everything in the depression, his house, his business, his career. Kids are going hungry, his hand had been broken in an earlier fight a year or two earlier. and he was banned from fighting. Now he was getting a second chance. His wife, however, didn’t want him to take the fight. If he broke his hand again he wouldn’t be able to work at all to feed his hungry family. And in boxing a fighter’s hands are everything. It was a tough choice. So many people suffered in the depression and they did not even know why. What did they do to deserve this? Where did this disaster come from? Braddock was the same way he didn’t know. So, in this scene, he says to his wife,“let me fight in the ring, at least there I know who is hitting me”. It was a seminal moment in the picture, and it brought everything into perspective. So few words yet so true they summed everything up.
You Have To See Them To Deal With Them
It’s the same with your business. The stakes may not be as high as your survival, or your family’s welfare, but they are very, very high. You need to see who is hitting you. You need to know where cyber attacks are coming from, when they are happening or even before they happen. That’s what I call good threat intelligence, knowing what to do about threats when they happen, that is the proper threat response. And you need to be prepared when an unexpected attack comes, that’s the most part of good security posture, as well as security policy. And when there are evolving threats how do you prepare for the next one that is an ongoing security audit capability. No one is going to care if it’s after the fact and you say “I didn’t know.” All they’re going to care about is that you were breached. So, just like Braddock, you need to know who is hitting you, and be able to see them and be ready for them.