I always find it interesting how some people are so enthralled with the security of their organization that it turns into an axiom to them and some dismiss it and consider it the biggest waste of time. Why is this? Are the facts different for each of the organizations? Are there that many different threats for them?
As far as I see it, the differences are negligible. Each organization has to deal with the threat of internal employees, external malicious threats, and compliance issues based on the industry you’re in. So the question come down: why is there such a difference in the perception of security?
Let’s step back first before we attack that question. We’ll quick touch on why security is necessary in the first place. Security, unlike other products, are more of a insurance for the organization to prevent the potential and unforeseeable problems to the organization. Just like you would purchase a sprinkler system for your building to prevent or minimize the effects of fire. When you purchase this, you’re hoping that you’ll never have to use this; but in the case that you eventually do, it would be the potential difference of a few thousand dollars compared to bankruptcy.