I was reading this interesting article:
Infosec: The World’s Largest Rube Goldberg Device
https://www.infosecisland.com/blogview/18168-Infosec-The-Worlds-Largest-Rube-Goldberg-Device.html
when in the comments I saw this: “Teotwawki”. I Googled it and lo and behold, this is the answer:
The End Of The World As We Know It
Nice! Like TANSTAAFL (“There’s no such thing as a free lunch”).
Anyway, regarding the article (I was thinking of blogging it already, but that cool acronym sealed the deal), I see the yawning gulf of ignorance even among people in so-called security environments. Because real security experts tell executives what they don’t want to hear (that they are vulnerable and are probably hacked already), instead they hire consultants practiced in the art of telling the executives what they want to hear (basically, get all these boxes checked and you are done). It makes a man think about going black hat sometimes…
Since the real problem is companies don’t want to invest in qualified people and wouldn’t listen to their information anyway I am not sure there is a solution. I was being considered for a job as an IT director some years ago (next to my Alma mater down in Blacksburg), but declined once I found out that the previous director had been let go because he (or perhaps she) kept telling them they had to make changes in the way they did business. Why swim upstream against that torrent? I can stay at home and whack myself in the noggin with a hammer instead and have a better time!
As long as corporations don’t give a damn about security they won’t have anything effective. It is very challenging to get security right and balance the needs of the users against the need to keep things secure (‘ideal’ security leaves you with a system that is totally unusable, so the simple, trivial act of making use of the information is itself an opening for security leaks) and after all, the rule of thumb is more than half of all attacks come from within.
