By: Bob Loihl
My last article was about a security situation at home and how it relates to computer security. It has now been several months since I instituted the security system around the house… several long months… of nothing.
No middle of the night intrusions, no false alarms to wake up the neighborhood over, just monotony. Oh, the alarms go off during the day for the mailman, the camera catches endless video of neighborhood cats passing through or even worse nothing discernible.
I get a whole bunch of false positives (Business as Usual) that I have (and have to have) a process for filtering out. I know what to look for and when, so I can eliminate this noise pretty easily.
But what is noticeably hard is keeping it up. The kids don’t see why they should still have to unlock and lock the gate at all, my wife is tired of hearing the motion sensors during the day so she turns of the monitor, once I didn’t notice and it stayed off all night.
We’re coming up on summer and we are going to have to open our windows more than 6 inches. A day will go by where I don’t check the camera because the motion sensors didn’t go off over night, so why bother.
What I see in my life echoes, once again, corporate life, the non-stop struggle to find a signal amidst the noise, the drudgery and boredom of maintaining defenses and the subversion of defenses by trusted individuals in the interest of ease and facility.
I wonder to myself, as I struggle to keep my defenses enacted in my miniscule domain, how long can corporate world maintain its vigilance? Sure Target and Heartbleed have gotten their attention. Heartbleed scared the common person too. The world is suddenly more aware of the dangers around us, but we hate inconvenience for no observable purpose and fight against it.
It’s in our nature – easier = better right? Sooner or later the news moves on to the next tragedy or crisis and this new risk will become part of our collective past.
So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference? What can we change, in this microsecond of flexibility, that will make the future better for the innocents, the bystanders, the people and small businesses that military types would refer to as collateral damage?
We can swing the tide in our favor now, we have their attention, large and small board rooms around the world see it possibly affecting their bottom line and guess what? That is what does get their attention, so while we have it lets do something to make our collective futures better –
If you influence up, then convince your board this threat is permanent and now is the time to build some defense (in depth) and institutionalize security mindset! Help raise awareness of the need for eternal vigilance.
If you are a coder or a hacker; volunteer to review open source code for security flaws; add some code to a project your company finds valuable; test that open source library you use and help fix bugs. Find a way to find the signal in the noise. Help make it easier for us to remain vigilant when the focus is gone.
Act now, please, because time is almost up – the next news cycle starts… now!
This was cross-posted from Tripwire's The State of Security blog.
Copyright 2010 Respective Author at Infosec Island