It’s a fact that when we are inundated with news about a single topic repeatedly we tend to start ignoring it, pushing it out of our head and moving on to the next thing.
Sadly, this type of “Fatigue” is starting to occur in the cybersecurity space as the 24-hour news spits out commentary about Equifax, Yahoo, Deloitte, Sonic, SEC, NSA, etc. etc.
If you didn’t know there are breaches happening, you are living in a bubble and probably won’t be reading this blog anyway.
In each situation that the media reports on, the root cause is different; however, many times it boiled down to plain old stupidity.
While we Brits try to be subtler, this topic requires the American approach. So, let’s look at the real definition of Stupidity. It is simply behavior that shows a lack of good sense or judgment.
Review of this article
The need for specific management
To secure the goodwill of the people in charge of cybersecurity, their tasks must be as easy to carry out as possible.
Gamification is a good means of achieving efficiency with simplicity. For instance, cybersecurity can be run as "Capture the Flag" games, with one team defending the system and another attacking it. This way, people learn to master a system very quickly. With good monitoring of the players, the system can be efficiently mapped and understood by the people in charge.
Saint-Exupéry's quote
Another goal is to simplify the system itself as far as you can. As Saint-Exupéry wrote:
La perfection est atteinte, non pas lorsqu'il n'y a plus rien à ajouter, mais lorsqu'il n'y a plus rien à retirer.
Perfection is achieved, not when there is nothing more to add, but when there is nothing more to remove.
The simpler a system is, the smaller its attack surface.
Look for simplicity: the minimum amount of code, systems and functionality. The clarity of the environment in the minds of the people in charge depends on it.