23 August 2009

Why Security Fails? - One Reason

All organizations pay huge price for security, something like running a separate department and spending millions of bucks to just secure from outdated attacks. Most of the software or devices just secure the assets from a worm that pampered few years back. We think that the attackers are naive (again and again they prove that they aren't). Why do we think that they are naive? It is simply because we never want to think differently, we never want to squeeze our brain and we don't know how to use our brain.

We focus on luxury part of life and so most of us discount ideas which needs hard work (like thinking). Thinking and productive thinking is stressful exercise and now you know why attackers keep winning. Attackers have great mindset (but obviously bad motive). But we say that our motive is good but we lack the attitude of hard work. We still think that someone's devices/products/software alone secure our assets and we fail to appreciate "thinking" is necessary to secure the assets.

This blurred view leads to "panic and patch", "let it happen, we have products to secure" situation. The situation becomes pathetic where the people are ready to offer sympathy and ouch. If you want to secure your asset, you need to be hard working thinker and build the ability to see through the system and emerge with good understanding of the systems. It is our understanding about system will secure not the devices.

So, the security fails due to poor thinking. This is going to be my topic for my upcoming talk in Chennai.

No comments: