Security is a hot industry and everyone tends to be an ‘expert’. Security expertise is not defined as a person or an organization who is great at Google searches, read the latest online trends, or crammed to get the latest certificate.
Did you know that magazines, including well known security magazines, actively solicit companies to pay them to be listed in their magazines as a “Top 10 Information Security Solution Providers 2018” or similar listing. Further, editors will write positive reviews and articles about the company’s products and services for a price. A large organization with a big advertising budget doesn’t mean better security or value for your organization. In fact, it may be the exact opposite.
Organizations also attempt to build their internal security through trial and error or in a piece meal fashion. This is expensive. Big budgets does not equal success. Several companies and consultants have jumped into security arena where security is not their forte; but a mere byproduct of other services they really offer. Sadly, there are many involved in the security industry who have little, if any, real expertise. Yet, in the end it’s the confidential data, customers, and the organization who suffers when data breaches occur.