Security vs. Business Flexibility
by Bruce Schneier
November 30, 2015
This article demonstrates that security is less important than functionality.
“When asked about their preference if they needed to choose between IT security and business flexibility, 71 percent of respondents said that security should be equally or more important than business flexibility.
“But show them the money and things change, when the same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life, 69 percent of respondents say they would take the risk.”
The reactions I’ve read call this a sad commentary on security, but I think it’s a perfectly reasonable result. Security is important, but when there’s an immediate conflicting requirement, security takes a back seat. I don’t think this is a problem of security literacy, or of awareness, or of training. It’s a consequence of our natural proclivity to take risks when the rewards are great.
Given the option, I would choose the security threat, too.
In the IT world, we need to recognize this reality. We need to build security that’s flexible and adaptable, that can respond to and mitigate security breaches, and can maintain security even in the face of business executives who would deliberately bypass security protection measures to achieve the biggest deal of their lives.
Ready to increase your organization’s resilience to security threats? Download “The Cyber Resilient Organization: Learning to Thrive Against Threats,” the latest study from the Ponemon Institute.
About Resilient Systems
Resilient Systems’ mission is to help organizations thrive in the face of any cyberattack or business crisis. Our award-winning Incident Response Platform (IRP) empowers security teams to analyze, respond to and mitigate incidents faster, smarter and more efficiently. Resilient is fast becoming the industry standard solution for incident response. The IRP integrates all other security technologies into a single hub and provides easy workflow customization and process automation. Armed with Resilient, security teams can have best-in-class response capabilities. Headquartered in the US and UK, Resilient Systems has more than 100 global customers, including 30 of the Fortune 500 and partners in more than 19 countries.