Every day we are hearing of major organizations, state governments, local jurisdictions being compromised via ransomware. Some are taken down for months. Some are educational systems that have robust cybersecurity departments. Every year we are spending more and apparently, we aren’t making a dent in the threat landscape or being able to deter threat actors. Why?
The first is cybersecurity fatigue. Most people have been breached, but the consequences aren’t the same as if your car is stolen. Make a few calls, try to get it fixed, whatever. We shrug and move on. Then we pass that same fatigue that came from personal protection to company protection. It hasn’t ever happened to us. It will be okay, we have an IT department who is taking care of it. I am really busy and I don’t have time to do the one extra step to check this link. Then disaster strikes.
Why is this happening? Just as we baked in security to our life: Locking our front door, wearing our seatbelts, lowering the blinds, turning on a light. We need to bake information security in as well. There was a time we all could keep our doors open and our cars unlocked, but then we had to change. Will everyone be secure all the time, no, but we can get into better habits.