One of my favorite phrases is “snatching defeat from the jaws of victory.” The slight modification of the old idiom is the perfect way to understand how it’s possible for even the most effective, well-written, well-intentioned, and strategically developed cybersecurity policies to become irrelevant.
In my experience, I’ve seen a company’s management find so many ways to completely neutralize their own cybersecurity policies. For the most part, they involve some level of egotism oftentimes associated with management, the most obvious being the idea that “these policies don’t apply to me.” However, there are many ways, some much less obvious, for management to undermine their company’s own cybersecurity policies.
And, by extension, they make their company, their employees, their customers, and themselves less secure.