Cyber Security is Full Contact Chess
I like to think of Cyber Security as full contact chess. Its not just a strategy engagement and it is not a bull in the china shop. Strategy without backbone will cost you. Big bells and whistles without a strategy will cost you even more. Today’s constant attack scenarios require a mixture of both silent strategy as well as bells and whistles to alert and defend.
Far too many Security teams rely heavily on security appliances (IPS or IDS), to notify if any anomaly occurs within the domain. Other teams use a “seek and destroy” method when facing any cyber attacks. True security requires both a heavy hand and a silk glove.
Security appliances are an absolute must. Properly configured and up to date firewalls will prevent many intrusions. However, attackers are more sophisticated that brute firewall attacks. An innocent looking email that tell a user to click on the attached invoice is much more likely.
The strategy of training employees, defined response plans, damage mitigation plans, proper backups and disaster recovery plans must be in place to respond to the inevitable attack.
Cyber Security is a strategy game that is played in full protective gear. Does your organization have both strategy and appliances in place?