Security should not be sprayed but baked


Recently I saw this fabulous quote “Security should not be sprayed but baked”. It kept me thinking of why this quote sound’s so interesting and as they say “A single sentence could form a whole story by itself”. We are living in a world dominated by signals flowing rapidly beyond imagination. It becomes hard to control this flow or prevent others from accessing these signals. Organizations are facing new cyber threats each and every day, which is hiking as the day passes.

According to the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, 61 percent of businesses experienced a cyber-attack in 2017, signifying a 6 percent increase from the previous year’s 55 percent.

We have technologies, regulations, and standards to classify and protect our information along with Cyber Security experts, who could predict attacks even before that could happen. And still, we see different new risks arising each day.

The cybersecurity community and major media have largely concurred on the prediction that cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015 (source: cybersecurityventures).  This draws the biggest change of business assets in history, risks the incentives for innovation and investment, and will be more effective.

This is where the quote comes in “Security should not be just sprayed but baked” . An organization or individual trying to protect themselves should ensure that security is not just sprayed across to create a belief that we are secure but instead security should be baked with the organization to be part of their daily activities.

 We see different organizations implementing security measures to make a belief that they are secure and their clients could rely on them to protect their data. And when an attack occurs, they shake with regret of not ‘baking’ security. We should develop a mentality based on the quote “Trying to obtain perfection is better than pretending to be perfect”.

We have all the solutions and technologies available to protect us from cyber-attacks and still we step back because of the cost and infrastructure in implementing the solution. This makes us develop a mentality to show that we are secure than actually trying to obtain perfection. All these are because of not realizing that we experience higher loss when a real threat forms and cause a high impact on the functioning of the organization or individual. So, who is there to blame. Is it the people who neglected to ‘bake’ security? And if so what is the solution? What should you do?

It’s simple, just try to attain perfection. Realize that there are new solutions build each and every day to make your security, harder and better.

Or else you could also find a security consultant or a consulting company who could give you the best advice on achieving this.

Spending money on security controls is just like creating walls in our home to protect for our family. Both aim to protect the important and ensure that even in our absence the people and resources inside remain safe.