Does it feel like we are in an endless loop of breach notifications? Obviously we are not properly securing our systems. If we were, there should only be a system breach once in a great while. Or is it that we are doing our job and the threat landscape is just that complicated? I often hear people say in reference to a breach that it is not “if” but “when”. So we have two opposing views about security: either we are doing it all wrong, or we do it right and bad things just happen.

I was making pizza for my kids to have for dinner. I was in a hurry because I needed to get my kids to their sporting events. I grabbed an oven mitt and reached in the oven and took out the first pizza. Then I reached in again and grabbed the second. Within a second my hand felt like it was on fire, causing me to drop the pizza pan. I pulled my hand out of the mitt and placed it under cold water. After a minute I put my hand back in the mitt and put a pot holder over top of the mitt, which allowed me to pull the pizza pan out.

So what went wrong? The simple answer is the control failed. I used an oven mitt which should have protected my hand from the heat; instead it gave me a false sense of security. However, I don’t buy it. There are several things that may have gone wrong. The mitt could have been old and the protection diminished. The pizza pan could have been made from a material that conducted more heat than the mitt was rated against. I could have used the mitt improperly in my haste to get my kids fed and out the door. I could go on, but I think you get the point. Despite the best controls, there are many variables that work against us.

So do we throw our hands up and accept defeat? No. Instead we need to press forward knowing that no matter how much we do, there is always something else we should consider. No system of controls is perfect; just keep that in mind. I would hate to see you get burned like I did.

