I was watching TV and saw an advert for Irish Pride bread. The concept of the advert is that some people take no pride in their work and often take shortcuts to achieve their goals or indeed just do the bare minimum to get by. It got me thinking about the information security field and whether or not we take pride in our work or are we inclined to take shortcuts?
While my initial reaction was that we as a profession need to ensure we continuously do our best in order to keep the bad guys at bay, in practice being on top of everything at the same time is not possible. The bad guys can concentrate on attacking one component of your systems in order to find a way in; you need to concentrate on them all. In addition, the criminals have all the time in the world while you are most likely being stretched on various projects and deadlines. In short, the criminals need to be lucky once while we need to be lucky all the time.
Unless you are the subject of a targeted attack, being just good enough may be what you need to have the attackers move on to other, less protected targets. The challenge is making sure your “just good enough” is better than others’. Mike Rothman’s blog provides some sage advice on this topic and I would recommend you pop over there from time to time to see what he has to say.