By Ray Vazquez on April 06, 2022
The phrase "history repeats itself" has been spoken for centuries in one form or another. George Santayana, Winston Churchill, Mark Twain, and many others receive the credit today. But no matter who said it first, what does this mean? Is "history repeats itself" simply an inescapable cause and effect situation? Or maybe a data-backed predictive model? In any case, people perceive this as a repetitious pattern that begs to be explored and addressed.
So through this lens, let us look at security breaches that continue to happen repeatedly. Yet we should recognize that people continue to be surprised by them when they occur. Why is this pattern happening? And make no mistake about it, there are two patterns here. One is that breaches continue to occur again and again. And the other pattern is that people continue to be surprised by them despite their repetitive nature. The surprise of the breaches is becoming more surprising than the breach event itself. First, let's address the continuous cycle of breaches through five remediation action items.
Action item #1: Talk to your team and identify the pointers.
After a breach event, there are always those who say, "I knew that would happen." Get out in front of this type of "Monday morning quarterbacking" by asking your team members what they think about a situation and getting feedback on potential gaps or vulnerabilities.
Action item #2: Make time for the things that are not sexy.
Simple maintenance can often prevent even the most costly breaches. The cause of many vulnerabilities today is unaddressed low-priority items, and focusing on these types of issues will go a long way.
Action item #3: Pay attention to what's going on in your industry.
If similar organizations are being attacked and dealing with breaches, you can learn from what is happening to them. Staying informed and learning from those attacks can work to your advantage.
Action item #4: Stop acting like you are invincible.
Often organizations have a false sense of security. The story of Achilles can teach a valuable lesson here. Despite his extraordinary prowess in battle, his heel is now infamous for vulnerability. Overconfidence gains nothing for an organization. On the contrary, assuming you are vulnerable helps your security posture.
Action item #5: Don't underestimate your enemy.
Having a clear understanding of your threats and adversaries is critical. Underestimating by looking at the likelihood of something occurring can create a blind spot. Think through the potential paths someone would take when attacking your organization and leave nothing to chance.
These are our five action items to implement to avoid falling into the trap of having history repeat itself when it comes to breaches. Regarding the repetitive cycle of people being surprised by breaches, it brings to mind another often misquoted phrase–"the definition of insanity is doing the same thing over and over, but expecting different results." Albert Einstein did not say this for the record. A fictional character in a 1983 mystery novel deserves the credit. Nonetheless, it rings true so let's stop the insanity and not be surprised when the subsequent breach occurs.