This year the RSA conference started quietly amidst Coronavirus news from across the globe. 14 companies pulled out before the event started including IBM and AT&T with Google announcing it would be delivering it’s NEXT conference digitally a week later. The theme of this year’s event “The Human Element” given the circumstances, was quite fitting. The overall attendance was down 14% and endpoint security was the hottest topic. RSA had no idea what was around the corner, but nonetheless “The Human Element” and focus on endpoint security held some irony.
Taking the train to San Francisco from The South Bay, folks were wearing masks but for the most part everything seemed business as usual. As our team arrived onsite things appeared normal except for the additional hand sanitizing products. Vendors were offering candy in large containers which in hindsight seemed like a strange process for delivering “sales assets”. Thinking back in retrospect with everyone hand shaking, and speaking in close knit groups I can’t help but wonder if we could have been more prepared. In no way does this infer that RSA had poor health practices, as this was the very beginning of this global change.
Fast forward to today and “The Human Element” has shifted. We have all turned into isolated endpoints adhering to a strict process. However, simple things like hand sanitizer and Clorox wipes used to wipe down shopping carts and baskets have been surprisingly absent from large established grocery stores across The Bay Area. As a matter of fact, they are still not commonplace as this post is being written. These processes and procedures are extremely simple to implement, but require a forward thinking mentality. This speaks more to us as a society that tends to overlook risks that don’t concern us immediately. This lack of initial seriousness combined with a very nasty virus has left us where we are today.
We are now learning as a society how important it is to use proper health and hygiene practices by following standards and procedures like hand sanitizing and social distancing. This post isn’t meant to explain proper coronavirus etiquette, it was meant to highlight the importance of proper procedure and how procedure can truly mitigate the Human Element of risk. That being said I recommend The Center of Disease Control’s article on “How to Protect Yourself”, which is something all of us should read
This leads to our next topic. One of the biggest risks for companies operating in the world today is lack of process and procedure to deal with risk. People tend to fix immediate problems and move on. To combat this we need to take time to reflect on our personal policies, procedures and personal security. Taking the time to audit business and personal practices before something bad happens is of paramount importance considering what we are facing. This holds true both for the consumer and a large corporation. For instance, when an individual’s credit card data has been stolen, or a corporation finds a breach, there are ripple effects. To the consumer it may be calling a credit card company, canceling accounts, loss of assets/cash or filling out forms. Then realizing they should have downloaded software like Malwarebytes for endpoint protection. For a large corporation it could be internal surveys, stressful post mortems, forensic analysis, loss of brand equity, cash…etc An individual will self audit and ask “How can I prevent this from happening?” or “What steps can I take to ensure I never experience this again?”. These reactions and questions occur for both the individual and the large corporation, and usually result in more robust security measures respectively.
Biarca Inc, works with many corporations by helping them stay ahead of risk by developing their security programs. Helping companies shift left by moving security practices and controls to the beginning of business activity, such as software development is critical. Developing or adopting a compliance framework is the first step in building proper process and procedure. Let’s connect on how we have been operating and share how we can start securing your systems/business practices.
Author: Jake Pearlstein