In cyber and information security, there’s a saying: “Security is a process.” Hackers have a similar saying: “Screw the processes, let’s hack!”
Which is better?
I won’t answer yet. You won’t get off that easy. This answer requires a story.
There once was a woman who was the head of cybersecurity for a large and successful Internet and gadget company that everyone knew. She worked long hours, but the time was flexible and half those hours she could work from home. The people said she was lucky.
One day her team discovered some suspicious activity inside the company. It appeared that they had been breached through a third-party vendor access point. She had only been working there a year and didn’t even have time to roll out all her security updates to the policies and infrastructure when this had happened. The people said she was unlucky.
The investigation showed that the breach did not reach the databases and no customer information nor accounts had been compromised. The people said she was lucky.
The company decided to get ahead of the potential public relations hit and informed all their customers and users about the breach. The announcement of course made the news everywhere. Pundits speculated. Stock brokers shied away. The executive board mumbled. The people said she was unlucky.
The breach led to a sudden surge in resources for her department. She was now able to afford better technology to allow for faster, smarter, and prettier security products. The people said she was lucky.
The woman was called before the board to explain herself. She spent the day preparing her slides and went with her confident face on into the meeting room. She explained the breach and how she would rectify it. The board decided to fire her anyway (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Pete Herzog. Read the original post at: https://threatvector.cylance.com/en_us/home/the-one-with-the-lucky-hacker.html