I’ve lost track of all the posts I’ve written on this topic and it never ceases to amaze me that it continues on through good and bad economic times. (Not just in our industry, which is just a small part of overall IT spend). Regardless of sector – critical infrastructure and every sector in general, the larger the business, the more gullible (for want of a better expression) they sometimes seem to be when determining what they spend money on, and with whom.
There’s a heap of exceptions and we work with some great people and organisations, but for every good company who thinks about what they do, there’s at least 20 others who continue to blow good money on bad product and bad services that add little to no value to them. You hear about them year after year and wonder when will someone in there will wake up to the fact that they are being duped?
It’s easy for “new stuff” (ie; new products and services) to slip through the cracks; CIOs and other senior management change regularly, but moreso, the selling on fear factor continues to engage whoever is there in the purchase of the latest and “greatest” technology to “protect” the business.
Eg; Does a 7799/27001 project need to cost millions and go on for many years? Ask yourself that large critical infrastructure business. What are you expecting at the end of it? God knows…..times have moved. Are those “penetration testers” worth the big bucks you are paying when the “industry” dudes laugh at the work they have seen of theirs? Who’s making your decisions? Gees…..just one of many examples. Lost, or rather no focus, but big dollars sitting their being blown by people who have no idea! It’s making some people who’s only focus is revenue some big dollars and good progress in the promotion stream of their business.
It’s no wonder people are still cynical about Information Security people – internal and external (consultants). So many charlatans hindering good progress. Anyway, nothing new in this post….been said before. Just raised it today after listening to another story about a large business squandering big dollars on rubbish. No doubt it’ll be in the press soon and the same questions will be asked and then they’ll engage the same people to try and fix the problems they couldn’t fix the first time.