Speaking in the opening keynote session of the Spring Infosecurity Magazine Online Summit, security awareness advocate Javvad Malik explored what he referred to as the “defenders dilemma” – along with outlining strategies for overcoming the issue.
Malik explained that due to various reasons including budget/resourcing challenges, competing business priorities and incomplete data, the defender’s dilemma is that most companies are inefficient defenders.
“There is a perception about security that is built up, but it’s not necessarily aligned with reality,” he said.
However, Malik said there is “one simple trick” to overcoming the defenders dilemma, which is to “shift our perspectives” towards security.
That revolves around two key elements, Malik added: implementing a data-driven approach along with a marketing-driven approach.
To achieve that, organizations should consider and address three specific areas of security.
The first is assessing and understanding what defenders are up against. Threats are multifaceted and varied, Malik explained, but too often “we see all threats presented as one and we apply defenses equally.” Instead, businesses need to focus on the most important threats to them, gauge their root causes and dedicate efforts to stopping them specifically.
Next, organizations should pay greater attention to human-related experiences, because security has a tendency to overspend on technical strategies and fail to consider the experience of everyday users.
Finally, there is a need to better communicate and market security successes, especially to non-security personnel. “Talk about your successes – it may surprise people and shift their understanding about the good job we do as defenders,” Malik concluded.