The Reality of Infosec Challenges: It's Not Just About Technology
Rye Whalen ??
Enabling Sense-Making?data processing, fusion, analysis, and contextual understanding related to intelligence production
When it comes to information security, many people assume that the biggest
challenges lie in the realm of technology - firewalls, encryption, and the
like. But the truth is, a significant portion of the problems we face in
infosec are actually rooted in non-technical issues.
For instance, something as straightforward as keeping track of which
assets belong to an organization can be a major hurdle. This may seem like
a simple task, but surprisingly, many companies struggle to maintain
accurate inventories of sensitive data and systems. Without this
information, it's impossible for management to make informed decisions
about security measures, leaving them vulnerable to attacks.
Another issue is the implementation of basic access controls - who has
access to what, and under what circumstances. This might seem like a basic
oversight, but it's astonishing how frequently organizations fail to
establish clear policies and procedures for managing user access. Without
strict controls in place, hackers can easily exploit weaknesses and gain
unauthorized access to sensitive information.
These non-technical issues highlight the complexities of infosec and the
need for a more holistic approach to security. By addressing these
fundamental problems, organizations can lay the groundwork for a stronger,
more effective infosec posture - one that goes far beyond just technology
alone.
Now that you've seen how non-technical issues can be major contributors
to information security challenges, what do you think is the most
important step an organization could take to improve its overall infosec
posture - and why?
Marketing/Sales Expert/KOL
2 周Appreciate the insights on information security! You’re absolutely right—while technology plays a crucial role, the human and operational side of security is often where the biggest vulnerabilities lie. In the food industry, we see a similar challenge: You can have the best ingredients, the latest kitchen tech, and a strong brand, but if the fundamentals—like inventory management, staff training, and clear operational procedures—aren’t dialed in, the whole system is at risk. The same applies to infosec. From my perspective, the most important step an organization can take to improve its overall security posture is building a strong security culture. This means ensuring every team member, from leadership to frontline employees, understands their role in protecting sensitive information. Just like a restaurant trains staff on food safety and customer service, companies need to train employees to recognize threats, follow access protocols, and take responsibility for security best practices. Without buy-in from the people handling the data daily, even the best tech solutions won’t be enough. What’s your take—how can companies make security awareness more engaging and effective for their teams?
Vocational Instructor | USN Veteran |
2 周Great article Rye! I think you touched on something that many people don't talk about. There are missing components within organizations that are a result of not thoroughly training employees. You might hire someone who knows how to use computers, but are you providing them training on social engineering attacks or acceptable use for the systems they are on besides just giving them a paper to sign at onboarding?