After a very entertaining and off-color presentation about security within the work environment, I caught up with presenters Mike Rothman and Rich Mogull of Securosis. In their presentation, they talked at length about fear in the workplace: what security people hear from their users and upper management.
Immediate risks, not long-term risks, are what drive security spending, said Mogull. People simply don’t think about the abstract issues of long-term risk. While others had told me that compliance and regulations were the security spending drivers, Rothman and Mogull say that’s not really the case, as the introduction of a new regulation takes four to six years to impact security spending.
One of the principles of security is that human behavior isn’t going to change, said Mogull. You’re never going to get away from people being attracted to ambulance-chasing threats and breaches. The way to get the long-term security message out there is to sneak it in with all the other “house is on fire” security reporting.