Is the Equivalent of Smaug the Dragon about to Descend on Your Defences?

By   ISBuzz Team
Writer , Information Security Buzz | Dec 28, 2014 05:05 pm PST

The final instalment of the Hobbit hits the cinemas in time for Christmas. The sleepy villagers are unaware of the devastation that is about to be visited upon them. Could this be an analogy for the light touch defensive IT security environment that keeps your company safe from the possibility of a major breach?

You’re probably thinking at this point, what exactly does the Hobbit and IT security systems have in common, right? Well, for anyone who is  an avid fan of The Hobbit, the question is, is this fictional world of threat and danger a reflection of our technological era?

Free eBook: Modern Retail Security Risk – Get your copy now.

You won’t need me to tell you that Smaug the dragon and the term “destruction” go hand in hand given that the former left the ‘Lonely Mountain’ to wreck havoc upon Laketown. This massive, powerful dragon is characterised by his rage and wreckage, and in this instance, I believe we can refer to Smaug as a metaphor for an obstacle which organisations face today in a world of widely dispersed global enterprise, a dangerous landscape full of threats, risks, and challenges associated with the smouldering stream of data security that looms over the world of enterprise and protected only by the IT security culture barriers that organisations either embrace and implement or fail to recognize the importance of.

Yes, the archetypes we use from the Hobbit to translate the danger of data breach may seem a bit of an over reach, but they are largely true. I state this because a business that fails to invest in information security may as well proceed with the treacherous journey into the heart of the cave, towards the deadly glow of Smaug and await their fate, taking with them a relentless volume of personal data, company information, confidential records, the breach of which could damage brand, reputation, customer loyalty and trust. Ask Sony’s executives, and I’m sure they tell you they feel like a dragon crawled into their digital space!

The obstacles that exist are present across all sectors, and without a defence in the form of a fit-for-purpose information security management system (ISMS), organisations will fall victim to a data breach.

The truth be known, the villain in our world is not Smaug. It is us, you and I, our colleagues, our actions, our lack of engagement, and our inability to adhere to compliance policies and information security procedures. How do we fix this situation? We’re not talking about the James Bonds’ or Zorros’ of the world; we’re simply talking about compliance and achieving this through joined up participation between staff and those managing IT security risks.

The bottom line is that encouraging staff and management to think of security as part of their “Business as Usual” role is a challenge. It took years to put these business procedures in place, and it will take years to put a fit-for-purpose information governance overlay on top.

The key is to start somewhere and to begin building those internal cultural defences before the dragons come.

About MetaCompliance

metacomplianceA fast-growing UK technology company, MetaCompliance has become the market standard for best practice policy management and information security awareness technologies. With its International Headquarters in London and its software development center in N.Ireland, MetaCompliance has a clear vision of making Compliance and IT Security awareness engagement easier for organisations through the development of innovative enterprise software.