Here are some great quotes that should keep you thinking about how much security is needed.
These quotes are from Nativeintelligence.com:
Security is always excessive until it’s not enough. — Robbie Sinclair, Head of Security, Country Energy, NSW Australia
Here is a long one:
Those of us in security are very much like heart doctors — cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, and eat fried foods, and practice being couch potatoes until they have their infarction. Then they want a magic pill to make them better all at once, without the effort. And by the way, they claim loudly that their condition really isn’t their fault — it was genetics, or the tobacco companies, or McDonalds that was to blame. And they blame us for not taking better care of them. Does this sound familiar?
This one is important for ransomware defense: Schrödinger’s Backup: “The condition of any backup is unknown until a restore is attempted.”
Schrödinger’s cat is a unique phenomenon in quantum mechanics, so in a sense this is a principle of backups that most people need to learn and understand. You HAVE to test the backup; otherwise it is not useful.
From Brainyquote.com
“Man maintains his balance, poise, and sense of security only as he is moving forward.” Maxwell Maltz (cosmetic surgeon and author of Psycho-Cybernetics). The original text of his book: “The New Psycho-Cybernetics”
That is an important quote to remember: as you develop your own GRC (Governance, Risk, and Compliance) efforts, it is important to move forward to keep everyone on task.
“There is no security on this earth; there is only opportunity” Douglas MacArthur.
We need to find some hacker security quotes; here is one:
“But we are hackers and hackers have black terminals with green font colors!” by John Nunemaker (this was from a while ago, likely in the 90s or earlier, as today everyone hacks from PCs).
This is more like it:
“I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all.”
“One single vulnerability is all an attacker needs”. Window Snyder – CSO of Fastly
Can’t forget Kevin Mitnick (the famous hacker of the 90s)
I have tried to figure out the money available to hackers because of the lack of patch management:
And that was at the beginning of this year, 2016. Out of 220 million PCs, Microsoft knows that 10% do not patch fast enough (they can tell how many systems should be accessing their servers). So 22 million PCs are a target for ransomware, which means that at $300 per attack there is a potential $7 billion for hackers, and this war chest can be used to make more sophisticated attacks.
And we can always go back to the very old:
“The secret of change is to focus all of your energy not on fighting the old, but on building the new.”
Keep that in mind when teaching the new procedures and policies.