Four Things Security Professionals May Be Thankful for This Thanksgiving

Delivering secure IT systems to users and the enterprise doesn’t often get the thanks and praise it deserves. I know from first-hand experience that in the world of IT admins there’s often a lot of complaining when a system doesn’t work, but rarely any thanks when it does. So in conjunction with Thanksgiving in the US, here are a few things we as security professionals might be thankful for.

No Data Breach: Being thankful for not being breached this last year is the big one. You will be very thankful if you haven’t had to appear before your board or on Fox, MSNBC, CNN or even worse C-SPAN, to explain where your customer/credit card/intellectual property/data has gone. I’ve spoken to many of my peers who are extremely thankful as more time has passed and they haven’t had to deal with a major and public incident. The old adage, that the better an IT administrator does their job, the less they will have to do, doesn’t ring true here. The red queen effect of those who seek to exploit our systems is still a strong force as the Sony Pictures team would no doubt testify yesterday.

Security Mindfulness: Be thankful for the growing focus on IT security. IT security is getting a much higher profile and this is increasing public concern, and this drives more buy-in from senior management which means more security budget should follow. There is also a trickle-down effect from the volume of stories that hit the mainstream media as they impact our non-technology colleagues too. Telling them that their logins, systems, data, accounts, on-star systems, garage door openers are all at risk from hackers/Anonymous/Unit 61398/Axiom/SEA/etc. The concern this has whipped up means a renewed interest in security measures that makes the task of getting business and wider employee buy-in much easier.

A New CISO: Be thankful for the new CISO. We’re told more CISOs are being recruited than ever as the C-Suite accepts the need to have a single senior executive responsible for the management of their security strategy. We’re already seeing the appointment of the CISO can have a measurable effect on reducing the cost of a security breach, and the cost of protecting data, so the ROI on a CISO becomes easily provable.

Savvy Users: Be thankful for employees who are getting more security savvy might sound like a surprise to some. As consumer computing becomes more accessible and easier to adopt, think tablets rather than *nix desktops in terms of complexity, employees are much more technically savvy than ever before. And, as digital natives start to enter the workplace, being new to technology is no longer a problem. Being more technically savvy means educating users to risks has become much easier, and we ought to be thankful for that. However this is a double-edged sword, one I like to call the Dropbox effect; savvy users mean the fast proliferation of unsanctioned consumer grade IT in the enterprise, and that is a Shadow IT threat we're not thankful for. So as you sit enjoying your turkey, and you are hoping that a Black Friday spam deal doesn’t lure your employees to a malware laden website, remember there is a lot to be thankful for and people who realize how much of that is down to your hard work!