Security is a complex subject and an equally complicated problem to solve. As an expert on the matter, I have to accept that there is no absolute solution for the problem, just incrementally better ones.
We watch a relentless sequence of cyberattacks unleashed on both private- and public-sector organizations. Governments and leaders are becoming increasingly aware of just how crucial their information security postures are to their mere existence.
Security as a Service
On-the-job training and personal experiences are at the basis of our Security Program, implemented to provide support to our business for improved reliability and efficacy of the services we provide.
This is the point of security as a service standard, with defined specifications, policies and guidelines. But also security at the service of the business: there is a lot that can be learned from an open and transparent conversation about the commercial needs as well as the vision and goals and, why not, dreams of a successful organization.
Lessons that we bring to the development table to devise the technology, the sets of rules, and even which tools are required for the job and obtain great results.
In this way, we design the security of the product. A product that is for the users, the individuals that we must keep safe. Not in a dystopic way, though, with rigorous controls or giving limited options to the users, but with constant attention to their needs.
If a user wants to share a thought, an idea, a product, for example, we have to guide him in doing so in the most respectful way for himself (do not share too many sensitive details), respectful for the others (don’t be invasive), respectful for the business that provides the service.
Trust in Security
A Security that helps the business to gain the trust of its customers.
Trust: a beautiful word. Powerful human emotion. A fundament of society. But also a weak spot in social relationships. More than 90% of the attacks in recent years in the real- and cyber-world have leveraged people’s trust.
The phishing Net
People that get trapped in the phishing nets, launched by the attackers and created in complex exercises of social engineering. The Attackers rely on the natural helpfulness of the individuals in the attempt to exploit their perceived personality weaknesses and gain access to information. Hence, we must focus on people.
I call this the Security Cycle.
We have lived, gained experience, learned several lessons through the business’s eyes of the product and the users. We close now the circle, and the journey will start again.
The solution we have in place or that we deploy won’t kill all the risks. Yet. It will be an incrementally better solution.