Many across the globe have read the stress management and self-help book series by Richard Carlson, Don’t Sweat the Small Stuff. Certainly the basic premise is to make sure you focus on the important things in life. Important is rather subjective to us all. Just as it is difficult to determine what is absolutely critical to our business as those requirements change frequently. It is very much dependent on your unique and individual perspective and circumstances. These techniques and tactics can be applied not only in our personal lives but also our professional lives to create balance.
Trend Micro’s recent release of the annual security roundup most definitely validates what IT and information security professionals are seeing on a day-to-day basis. They are absolutely “sweating” and it has much to do with threat actors taking advantage of chinks in their information security armor. It isn’t just the practitioners that are sweating. C-level executives and board of directors are also feeling the heat turning up on their leadership in the cybersecurity arena. Some are fundamentally losing their jobs because of the lack of investment or understanding on how important cyber security is to their business. Risk models are now more than ever incorporating more cyber risk considerations. Security is not directly being seen as a “cost of doing business” but more of a “cost of saving the business.”
Businesses in all sectors need to be aware of hardware and software assets, configurations of those ecosystems and the apparent vulnerabilities that will surface as part of the normal system and application life cycle. As we look to gain competitive advantage via virtualization and cloud computing, we must pay attention to the “small stuff.” Security will be a major competitive advantage to organizations. The ones that do it well and make it a fundamental part of their DNA will be stronger in the end against weaker competitors. Threat actors are counting on mistakes to be made and corners to be cut. Investing in technologies that bring maximum transparency regarding your IT and information security weaknesses will be essential to facilitating a continuously monitored environment. This also creates a required situation awareness of where you are vulnerable to attack. This approach should have a macro view and encompass cloud service providers as well as third parties engaged to partner in the running of your business.
Information security is all about “Sweating the Small Stuff.” The important thing to remember is to embed security into the information resource and systems management lifecycle. Attackers are relying on us to get lazy while moving at the speed of business and innovation through next generation computing technologies like virtualization and cloud. My tip to you; engineer security up front in the design process. This ultimately will help reduce risk and instantiate a security culture within your organization.