If every security person put down their tools today and did nothing non-reactive, would anyone hear that tree falling down? Sounds like a stupid question, but have a good think about it. In your organisation, if you just shut your mouth and/or left everyone to their own devices, would anyone care or even notice in the short term that they had no security “expertise” protecting their business? … A criminal’s paradise (maybe)!
Seriously… for most organisations, this is their MO. It is!
That would sound crazy, I reckon, to senior business management when put in those terms. But hey, that’s how you operate now… have a good think about that, Mr CIO. Gees, I wish more CEOs would read security blogs. This is how it is, Mr CEO, in your business. What?! No one told you?
Context: Talking to a CEO mate of mine who gets no updates on security from his IT Manager. Offered a free “test” of their Internet security (as a start) by Securus Global after talking about numerous “generic” case studies of what we see every day. He’s now nervous (after hearing them)… as he should be.
He’ll be okay though… if he’s in the <5% of companies we’ve tested for the first time who have come out “okay”.
