On this Easter Sunday the prayers are silent. For family, friends and also for the subject matter experts in business and the U.S. government. They have been waking us up again to the reality of the Operational Risks we now face, to our ubiquitous digital-based economic infrastructure. The message is clear to those insiders, who have been trying to defend our "Digital Castles" against tremendous odds of these seemingly invisible threats. Is it really, game over?
The short answer is yes. The current mindset should be, that every major business of valuable interest in the eyes of the enemy has already been compromised or soon to be. It is already too late. The stealth digital code is currently waiting in the shadows of your organizations hundreds or thousands of digital assets. Whether it is the aging Dell Tower Desk Tops still running on Windows XP somewhere or the latest Android PDA/Apple IOS devices tethered to the corporate network does not matter. Your adversary has control of when and where to begin the attack on you and your organization. To illustrate the point, Shawn Henry had this to say in a recent interview:
The new normal for forward thinking organizations is already being implemented for adverse events. The Crisis Management Team has already exercised the "Data Breach" scenario numerous times. Your General Counsel and Chief Information Officer have rehearsed and practiced their testimony before opposing and adversarial questioning of your organizations information security processes. The company subject matter experts are more than prepared to submit evidence of their best practices, industry standards compliance and previous tests of due diligence. The stage is set for the court room battles ahead:
The quest for the "Digital Castle" has been going on for years. Are you awake now or still living in a dream of denial on your state of achieving a Defensible Standard of Care? Our Father who art in Heaven...