There is no better allegory for the coexistence of business and security than this modern fable:
A scorpion needed to get to the other side of the river, so it hired a frog to get it there. The scorpion climbed on its back and, before it even got to the river’s edge, stung the frog and killed it. Another frog jumped (literally) at the chance to fill the vacant job, and the scorpion hired it. Seconds later the scorpion stung that frog and killed it too. Three more frogs showed up vying for the job. Each one was dead before the scorpion got more than ankle deep in the water. More frogs showed up to take the job, and as each one died from the scorpion’s sting and sank, another frog showed up to carry it a little further. Soon there were no more frogs that could or would carry it, and the scorpion sank, drowning in the river.
If you’re business management, you likely read that story and thought, the scorpion got screwed by its own employees. The scorpion was completely unaware that it was drowning, and needed the frogs to convince it that water can be bad. Therefore, the fault lies with the frog, which was hired to deliver safe travel across the river and failed to do so.
If you’re working in cybersecurity then you likely read that story and thought, holy crap, I really do work for scorpions!
There are a lot of books and blogs written about how cybersecurity should learn the language of business to be taken seriously, and how we need to learn finance and risk to convince the heads of these mighty nations we call corporations. Yet, they will sink without security. So, shouldn’t they be learning the language of cybersecurity?
Don’t answer that, because… really, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Pete Herzog. Read the original post at: https://threatmatrix.cylance.com/en_us/home/business-and-cybersecurity-the-codependency.html