Perceived Threats vs. Real Risk

As I was getting started at the office today, I started to think about all of the false alarms on the news. There are so many things we are supposed to panic about and be afraid of. If they just keep us on edge enough, we won't flip from Fox News to CSI: New York. This is not unlike how many in my industry sell security. They tell their clients and prospects what is going to happen unless they buy this product or use that service. The truth is neither solution will buy them 100% security. And if they sit down with the same rep next week, there will be a new threat that will require yet another product.

These sales reps and consultants are disingenuous, and their actions actually produce a recoil effect on security. Asset owners eventually throw their hands up and do nothing because it feels, and rightfully so given the information at hand, that no matter what they do they will never be secure. The result is that they do nothing and wait until something happens to react.

So how does a business owner, a manager, a CIO, or a CSO separate the real risks from the false and the ridiculous? If you have a strategic approach to security, meaning it is part of your business and you build it into everything, the risks are greatly reduced. If you write and, here is the key, enforce policies across the organization, you can contain any risks.

If someone tells you that this or that will make you 100% secure, they are lying; find a new advisor.