Back when they were common place, I recall going into my local bait and tackle store and seeing a display of fishing lures on the counter touting some super power or other that would almost guarantee you’d catch more fish. I asked Steve, the shop owner, who I’d known for some years, his opinion and his reply has remained with me ever since.
“You know what Simon, some lures are designed to catch fish, others are designed to catch fishermen. This one is designed to catch fishermen.”
This advice has served me well in the many intervening years, across many different sets of products.
In the last few years, with cyber security becoming a concern at all levels of busienss, I am observing far too many decision makers failing to fully consider whether their security expenditure is the most suitable for their organisation.
There are a number of broad questions that should be asked with any security investment, cyber or otherwise, that will assist in evaluating any expenditure.
What problem does it solve or what risk does it mitigate for my organisation?
In the physical security world, we’d find it laughable to deploy a team of Ghurkhas, SEALS, and SAS soldiers to stop kids sneaking in alcohol into a party. Same principle in cyber security – just because a product solves a problem, is it a problem that you need to solve? If you’re not a target for state sponsored hackers, then maybe an APT detection product isn’t the best solution for you…Click here to read full article.
