1. Security isn’t just one person’s responsibility - To be truly effective, we need to develop a culture of security that transforms it into a company-wide effort. In most organizations, it is believed that security is either the responsibility of the security administrator or the chief security officer. It is the responsibility of everyone in the organization from the foot soldier to the king.
2. Hackers Hail from All Over the world (maybe even beyond) – Your hacker can hail from any part of the world. The organization can be attacked from any part of the world and this cannot be limited to just your district or state or country your organization is based out of. Well, Thanos was nowhere from this world and still he wanted something from Earth.
3. You need to be a team player – Security team needs to work with various cross-functional teams to achieve results. Avengers is what team means and you need to be a team player and keep aside your differences to ensure security is implemented in the best manner possible.
4. Communication is key - Your coworkers will always have different ideas, motivations, and communication styles than you do — so it's imperative that you take the time to actively listen to the other members of your team when they speak up with their ideas or objections.
5. Good security comes in layers – You're on a battlefield. There's an impenetrable mass of troops in front of you. You can't possibly break through it. What do you do? Defense In Depth is an ancient military strategy designed to solve exactly this problem. The battle in Wakanda shows that we need to be prepared on multiple fronts to save our precious infrastructure.
6. Improving security isn’t a one in a lifetime activity – If you have followed Iron Man, who is an integral part of Avengers, you would appreciate the changes which he has brought into his suit. The latest Iron Man’s suit in Avenger’s Infinity War boasts of Nanotechnology being integrated into it. In a similar sense, we need to bring about changes in our security deployment basis the risk assessment done on a continuous basis.
7. Preparing for the Inevitable – We need to be always prepared for the inevitable. Security isn’t a morning activity which needs to be performed once in the morning like brushing your teeth. Being prepared for an attack 24*7 by implementing various security controls is the key to survival.
8. Beware of “red flags.” – When security teams highlight the vulnerabilities through risk assessments, internal audits or when the SIEM tools beep continuously, do not ignore those red flags. If you ignore these early warnings, you may end up getting half of your organization’s finances and brand value wiped in no time.
Image Courtesy : Google & Marvel.
