In other word, I feel no security pain. If I feel no pain, then security is not a top priority for me. But if I let my investors and customers know that I’m not putting security at the top of my list, they will think badly of me.
It is the essential security trap – if you are a security professional and do your job well, then your management ask you “what are you doing?” When they see no impact to their business – feeling no pain – management assumes that the security risk is minimal. Yet, when something does happen, management slams the security professions demanding “why didn’t they do something to prevent the pain!?!”
The consequence is that way too many organizations put the word “security” into their marketing literature – to do otherwise would garner criticism. Yet, if you dig to find out the “beef” behind the marketing, you find hype and redirection.
We are in for a interesting year. Lots of marketing hype. Lots of press hype. Yet the cyber criminals stay under the security pain threshold – making good money.