Wednesday, August 3, 2011

Shady RAT and national economies

McAfee yesterday (8/2/11) released a pretty amazing study on 72 major global cyber-compromises over the last 5 years that were all exceptionally related and were most likely initiated by the same nation state. The Register has a good summary here.

Here is my 2 cents. The game has changed. There is something about your organization that sets you apart from your own competition and makes you stand out among the crowd, whether it is your sales processes, your business model, your innovative ideas or your project management frameworks, let alone your legal documents and email archives. All of these are being targeted in an effort to gain international competitive advantage, and the result is a further lack of economic growth in the countries they have been exfiltrated from.

In the U.S., as well as most other nations, national economic security is reliant on the security of every organization and company that contributes to it. And every organization and company that contributes to it is responsible for securing its own business-critical assets. I've posted my own views on this before. Security is subjective and there are no effective standards that everyone must conform to regarding the protection of their own methodologies, secrets and intellectual property. There may never be such standards, which means a heightened awareness must be developed and cultivated. Peer groups should be encouraged to discuss methods, controls and metrics. Data loss needs to be publicized so the general public begins to realize the scope of what is happening.

And for the love of whatever you may find holy, people, stop allowing weak passwords. I've been in this industry almost 20 years now and weak passwords and policies are STILL one of the top mechanisms of compromising systems. If we can't improve on that one in 20 years, how can we have faith that all the companies that today support our nation's economy are able to defend themselves against the latest zero-day vulnerability that was spear-phished to a member of their executive council?