Work cultures and office politics are what's failing cyber security
The technical aspects of cyber security are pretty much resolved.
The industry knows how adversaries breach networks, and we have proven techniques, technologies and procedures to stop them.
So why do breaches keep happening?
Why is it that even though large enterprises spend millions on cyber security, they can fail at even executing the basics?
My experience says that 95% of enterprise cyber security is about dealing with office politics and dysfunctional work cultures:
- Enterprise-wide uplift projects are never seen to completion and rarely achieve their intended outcomes
- Roadmaps and strategies are inconsistent at best, undefined at worst
- Instead of training people to be extraordinary, people are trained to be complacent
- Employees are promoted for playing the political game, not the security game
- Leaders talk big but act small – when they act at all
In the end, most people simply give up.
When people give up, it doesn’t matter how much money you throw at a problem.
Saving up to buy LinkedIn. Pledge your support at Engage AI.
5 years ago
People like to think that the technology is like a magic pill: once it's swallowed, all the human problems are magically solved. :)
Professor Cybersecurity & Information Systems | Chief Security Officer | On a mission to train and mentor Military & Police Veterans to Cybersecurity Careers & address Social Cultural Inequity.
5 years ago
Agreed... spend $1m on tech and zip on people and process... you're bound to fail