I have been in this business for over 10 years, specifically in the business of trying to ensure our critical infrastructure remains in a safe, reliable and secure state. After all, if our critical infrastructure were to fail, the implications could be huge.

Since 2011, I think the real threat of large-scale attacks against critical infrastructure has hit mainstream media and continues to grow not only in coverage but in the sheer number. Just recently, malware/ransomware have become the talk of the town. There is a very real chance of bad actors taking control of our power grids, harming our wastewater treatment plants, and locking our systems until we pay someone to unlock them.

Acknowledging these threats, it would be inconceivable that a company would not have a security posture… right?

The truth is, from a security deployment perspective, the general consensus is that security enjoys a woefully small slice of a company’s overall budget.

Source: IT Security Spending Trends, SANS Institute, February 2016

While this may look like a lot of money, think of companies like BP, Shell, Exxon, or the like. These are triple-digit billion dollar companies. This finding led me to pause and reflect. What follows are my top 5 thoughts on security implementation barriers in no particular order.

1. The Ostrich Algorithm