Some of you may have noticed the most recent member of our blogging family, but for those of you who have not, allow us to provide you with a brief introduction.
Geoff Webb is not your typical security product vendor. This security expert and senior product marketing manager from NetIQ proudly declares, in many forums, that a rush to employ the latest security solutions is hardly the answer to sound risk management.
His worldview on security and preventing data loss was so eloquently outlined in a recent commentary piece published on our website. “Some vendors would argue that the solution is found in the next generation of security technology, forever glimmering just beyond the horizon”, Webb opined, referring to the ever-increasing reports of data breach incidents in the media. “I’d like to suggest that the rush to invest in new security technology is not going to solve the problem and in many ways it is the problem itself”.
Then there are his comments to Drew Amorosi, Infosecurity's US Bureau Chief.
On risk management through employee training:
[Do we] not understand nothing of human nature? If you look at the way people interact with risk…..people jump in the car and don’t put their seatbelt on….they smoke 40 cigarettes a day….these risks are well understood, the impact is well documented and impressed on that person. So then you expect them to sit through a two-week training course and then eschew some kind of vague or proper awareness of risk for activity and be aware? Like the temp in accounting is going to be sure that they are now doing everything they are supposed to do to prevent a data breach.
Or, Webb’s thoughts on overblown security investments:
I know this sounds callous, but the reality is the most secure organizations in the world can get breached, and they do. So there is only a certain amount of money that makes sense to throw at this problem. It doesn’t mean that you can’t be secure. It’s a case of acknowledging the reality that you’re never fully secure. For each organization, it’s about how much they are prepared to pay to reduce the chance of a breach in a particular area. After that, it’s not worth increasing the spending to get some incremental security benefits.
Infosecurity invites our readers to check out Geoff’s previous postings, which run the gamut from HITECH to cloud security. We encourage you to sign up for our blog RSS feed and follow Geoff as he sprinkles in a bit of humor while discussing topics ranging from compliance to event management.
Is Geoff a cynic? We think this is hardly the case, but we are confident that each time he has something to say, it will be entertaining, informative, and worth your time.