There is a certain fallacy in the world of cyber security. It has been there since day one and continues to thrive today. The myth is simply that security controls work, when in the main, they don’t.
For too long, security teams have lived the lie that what they have delivered has been effective, but so often they approach it from a viewpoint divorced from the customers they affect. To be fair to most security teams, they are generally blissfully unaware of the inefficiencies of their controls – or ignorant.
This is admittedly a very sweeping statement, but headline after headline about data breaches tends to argue the point. And let’s not be shy here – these are major corporations with systemic failures when it comes to protecting their crown jewels. Something doesn’t sit right.
How can this be? Spending on IT security is at an all-time high. The volume of security offerings to cover every possible facet of security is unparalleled. The technological possibilities for mitigating risk know no bounds. We have more experts than ever before. And, of course, these days we have big data and artificial intelligence (AI) to solve all our ills in the battle against…
