What do you mean, you don’t know what it does?
Let’s be polite and say that they’d been ‘compromised’ and understandably they weren’t best pleased. Not just because of the breach itself but at the smorgasbord of security products which between them, had collectively managed to avoid doing the very thing they were designed to do.
Among them, a well-known vendor who’s blushes I’ll save by not naming them. My new CIO friend had already told me how cool the dashboard was and that it ordinarily lit up like a Christmas tree whenever it wasn’t happy, so the breach came as a bit of a surprise.
The subject quickly turned to what they’d paid for the privilege of this ‘super-cool flashy dashboard’ and when I heard the number, my jaw hit the floor at break-neck speed.
It was, by anyone’s standards, completely ridiculous and I mean, a staggering amount of money. The sort which wouldn’t look out of place on one of those big comedy cheques which Pudsey dishes out. I honestly couldn’t believe my eyes or ears.
“The trouble is” they said, “It’s reached a stage where we’re simply too scared to turn it off and if I’m being candid, I couldn’t tell you in earnest what it actually does for us anymore”.
Now that’s ironic. They were too scared to turn it off and I was about to say how scary I found that sentence.
Now I like this CIO, I like them a lot and here’s one thing for certain, they are nobody’s fool, so how is this even possible?
I’d like to take an educated guess, if I may.
Somewhere between ‘Levelling the playing field with the bad guys’ and ‘Selling the merits of sexy dashboards’, it seems the security industry has lost its way.
When I started out in the security world, there was a real sense of pride and specialism in what we do. I’d go as far as to say, we were revered in the tech world. The guys standing up for people and businesses being attacked by the ultimate silent and faceless assassin. An elite team of heroes.
Then (what seemed like overnight), Vendors started popping up like a virtual ‘Wack-a-Mole-Contest’ and all of them seemed hell-bent on ‘pedalling snake-oil’ at the painful cost of preserving the integrity of our industry.
And it’s getting worse. Every cyber-attack headline seems to spawn new marketing propaganda quicker than you can say “Hold on, I think we’ve already got one of those”.
As I write this, Gartner estimate there are over 3000 Vendors in the market today, leaving your average organisation with anything up to 50 security products to their name.
Can you believe, there are still solutions out there which do nothing other than spot errors in email addresses? Literally, just that one thing? Come on, give me a break.
Do businesses need ‘Multi-Layered Security? Absolutely. In fact, it’s critical. Do they need an abundance of products performing precisely the same task while paying through the nose for the privilege? No, they really don’t.
And this is where I lose patience because now, like never before, businesses really need our help. Most (if not all) are under extraordinary financial and operational pressure. They need lots of software doing the same job, like they need another pandemic.
“We simply don’t have the time to review it” is a phrase which has thankfully been put to bed, in no small way, these last few months and value is under scrutiny once more.
Businesses the world over have been doing one big virtual spring-clean, only to find that they’re spending a ‘big chunk of change’ on things they already have and trust me, it’s simplicity which will be the real winner here.
Just look at Zoom. They occupy a hugely competitive market. Less than 4 months ago, whenever I suggested a Zoom call, I had to explain what it was. Fast-forward to today and they’re in Parliament, countless businesses and even the word ‘Zoom’ is becoming as much a ‘verb’ for Virtual Meetings as ‘Google’ is for Search.
Now, most CIO’s I’ve met are remarkably smart people. They have to be, and my friend here is no exception, but they can be forgiven for second-guessing the choices they have made when they are relentlessly pummelled with propaganda at the worst possible time.
This pandemic has forced almost every business to protect more remote users than ever, while simultaneously handing cyber-crime a virtual playground of endless possibility.
Businesses need our help more than ever before and being too scared to switch something off isn’t a strategy. I honestly sat in that meeting thinking the very last thing needed in unprecedented circumstances is ‘more of the same’.
Not every solution can cut the mustard in the current climate. The opportunity is here for the industry to step-up and (wait for it) help businesses reduce the number of replicating products they have, not add to the problem.
Today, our role should go beyond offering protection and peace of mind. In one of the most challenging climates in living memory, we’re also in the strongest position to empower and support businesses to work safely from wherever they are.
You don’t need an overpriced dashboard to know that’s where the real value lies.