Time to Rethink Security
I got a mail from Quora today and the contents were not as shocking as they should have been, because I was already aware that they had a security breach. This comes some days after the revelation that infiltrators had backdoor access to the database of a prime hospitality group in the U.S. since 2014. Imagine the effrontery to sit comfortably on someone else's database for years!
I'm very sympathetic to companies that have data breaches because it is a rigorous duty to keep the "bad guys" out. They keep inventing new ways to get at you, and if you're out of the race for a second and, unfortunately, the prime target of a seasoned attacker, then C.I.A. (confidentiality, integrity and availability) may be compromised and Personally Identifiable Information stolen.
Does it occur to anyone else that sometimes, if not many times, lessons learned after data breaches are our commonest, and reactive, medium for data loss prevention? If nothing else, it tells us these guys are steps ahead of us.
As already agreed, humans, and not technology, are the easiest port of entry for attacks, but going a step further, "humans" does not mean only users. It goes before them. This brings me to the thought that security should be a part of the plan of any organization right from the word "go"; from the first business analysis efforts. Business Analysts should make it a point of duty to be security conscious and incorporate security measures into the makeup of their plans.
My reasoning: why build a beautiful mansion without any deterrent structure put in place to prevent intruders from gaining unlawful access? I am of the opinion that when security is entwined in the DNA of an organization and a part of the first laid-out plan, it serves to enforce the security objectives of the company. We shouldn't just have successful businesses but successful businesses that are secured.
Finally, my call: Business Analysts and Project Managers should strive to get training and/or certifications on cyber-security/ethical hacking. It would enable us to lay a solid foundation for the Security Experts to build upon.
Are companies already doing this? Yes, a lot of them. But a lot more aren't, maybe because it costs too much to hire the services of a cyber-security expert or because they have erroneously concluded that security is an add-on that could come later. There is nothing better than building security along with the business, and that's where Business Analysts and Project Managers could come in as cheaper and readily available options.
Will this prevent attacks from becoming successful? No, but it might just help to reduce incidences or reduce the Recovery Time Objective.
Chief Financial Officer/Board Executive
6 years ago
Nice post, Godwin