Something to Consider January 2019 – Compliance May Lead to a False Sense of Security
Why Compliance Does Not Equal Security
The word compliance can lull us into believing that it is synonymous with certainty. But this is a dangerous misconception, and one that undermines our understanding of breaches such as the 2013 attack on retail giant Target. We believed they must have some internal security weakness, but in fact they had recently been certified against a security standard. Prevention is better than detection, but in reality we need both, as there is no such thing as 100% prevention.
Kerry Bailey, of the Forbes Technology Council, suggests that until senior management embraces security as an ethos that goes far beyond simple compliance, we should consider three interim measures:
- Process Improvement
Government policymakers move slowly, and company cultures transform slower still. Nevertheless, this is a change we must engineer to protect our businesses.
You can find his full discussion here.