Cyber Security is like full contact Chess
I like to think of Cyber Security as full contact chess. Its not just a strategy engagement and it is not a bull in the china shop. Strategy without backbone will cost you. Big bells and whistles without a strategy will cost you even more. Today’s constant attack scenarios require a mixture of both silent strategy as well as bells and whistles to alert and defend.
Far too many Security teams rely heavily on security appliances (IPS or IDS), to notify if any anomaly occurs within the domain. They expect the appliance to do the job for them. Other teams use a “seek and destroy” method when facing any cyber attacks. These teams are far too reliant on the security personnel’s skills and abilities. True security requires both a heavy hand and a silk glove.
Security appliances are an absolute must. Properly configured and up to date firewalls will prevent many intrusions. However, attackers are more sophisticated that brute firewall attacks. An innocent looking email that tells a user to click on the attached invoice is much more likely. Somewhere in your organization, there is someone who will click on the attachment. The strategy of training employees, defined response plans, damage mitigation plans, proper backups and disaster recovery plans must be in place to respond to the inevitable attack.
Cyber Security is a strategy game that is played in full protective gear. Does your organization have both strategy and appliances in place?