First and foremost, it's important to recognize that the closer a relationship we have with an outside entity, the more likely it is that a security failure they have will have detrimental impact to us -- and the greater the magnitude of that impact. So the most obvious takeaway relates to those parties that are mostly directly supportive of our business. Read More ..
Sometimes you can do everything right and still run into trouble. To see this in action, pay attention the next time you're driving at dusk -- for example during an evening commute, if you have one.
If you do this, chances are good that you'll notice at least one person with their headlights turned off. It's not that they're doing anything malicious -- they've just probably been driving for a while and haven't yet noticed that it's darker than prudence allows for engaging the headlamps.
Now, of course, this a safety hazard for the driver -- but it's also a safety hazard for everyone else, too. Their behavior -- unintentional though it may be -- puts the other drivers they share the road with at risk.
There's a lesson in this for information security practitioners. Specifically, those of us responsible for keeping enterprises secure need to be aware not only of our own security posture -- a hard enough job -- but we also to some degree need to be aware of the security posture of others around us.