You know the story about the bear? You are deep in the woods with your coworkers on a camping retreat; it’s late at night, its dark, no one around but your group. You have heard that there were bears in this area, so it makes you a little nervous. But you have never seen one. But you have heard the stories. You know that if you encountered a bear it would be a serious problem. You would be at risk; you could even be in grave danger. Your whole world would turn upside down all at once. Sound familiar?
Then all of a sudden the eerie silence of the cold night is broken! At first by a loud grumble and then a blood curdling roar, you get that sick cold feeling of fear in the pit of your stomach. You don’t even know where it is coming from yet. Finally you turn around and there she is, big mean, and after you and your camp mates with a grudge. You really don’t know what to do. Do you run, if so in which direction?
What Do You Do?
You can see she is heading right for you and your mates. Time is now slowed down; you are trying to figure out in the heat of the moment what to do. You make the wrong move and you are surely screwed.
In data security we encounter occasional instances of abject fear and panic. These are the times when preparation will mean everything. The right decision in the moment can help, but the preparation is what is going to determine success in the long run, of course we are in business for the long run, not just the latest crisis. So we need to have a plan a way to resolve this impending security issue. How do we mitigate this at once?
Who Is Going To Lose
So you do the only thing you can do. You get up and run as fast as you can for the safety of the vehicles not too far away. Only thing is, can you beat the bear to safety? Or is the bear going to outrun you? Remember bears run very fast, and in an all-out run they will catch you eventually. But then as cruel as it seems you realize you don’t need to outrun the bear. You just need to outrun the slowest man. Sounds bad doesn’t it? But this is what we do every day in business. We figure out how to beat the guy next to us. Data security is no different. The bad guys know there is a lot of low hanging fruit out there they can pick.
They are interested in the lowest hanging fruit. Don’t be the low hanging fruit. Don’t be the slowest guy in the camp because you think your IT guy is handling things OK. You should not be the low hanging fruit because you wanted to save a few dollars on upgrading your data security. Have you had a security audit in the last year? Do you do any measuring of your security? What is your security posture? Do you have rock solid and actionable data security policies to rely on? The risk from that bear is a serious one, and one that will catch you if you don’t prepare.