People love stories about breaches, viruses, and zero-day attacks, said Tim Wilson, Editor of Dark Reading. The popularity is reflected in the traffic numbers for these stories. Wilson thinks the popularity of these stories reflects the day-to-day work of their readers. They’re dealing with near term problems.
They’re firefighting, taking care of these immediate concerns because either that’s all they know to do, or because they don’t have the time to do anything else.
Wilson asks, “Can they do something architecturally?” Can they change policies to fix issues in the long term instead of firefighting what’s in front of them every day.
In the past, compliance forced companies to create a security budget. Failure to do so would result in fines. Compliance did force companies to build out security architecture to solve some of the problems they had. But it was only to appease the auditors. They need to ask are they really doing true security or are they just checking off boxes?