Thursday, April 4, 2013

"Badges? We don't need no steenking badges!"

All too often I've encountered a certain type of person in an enterprise, business or personal setting who questions the need for a secure network environment. Actually the word "questions" is too weak; this type of person actively opposes network security measures. And very often they're in a decision-making position for their organization. One otherwise intelligent manager that I once worked with recommended that we discontinue our enterprise antivirus and disconnect our firewalls.

What reasons are given for their opposition? "Security is too inconvenient." "We don't have anything a hacker would want." "Security is a waste of money." "I use (a Mac / Linux / Microsoft Security Essentials) and I'm not vulnerable." Despite all evidence to the contrary, such persons throw up obstacles to even the most basic of security measures. How does one deal with such deliberate, even prideful, ignorance?