CONSULTANCY, CERTIFICATION & COMPLIANCE – How Effective?
The effectiveness of this model has long been in question, both as a mode of prevention & in its capability to respond to the highest level of Cyber Attacks on Critical Infrastructure & the like. “WannaCry” has ripped open the gaps in our cyber security systems worldwide, from the NHS in the UK to FedEx to Telefonica of Spain. The consultants, certification & the audit mechanism have always made us believe that we are sailing in safe waters, but the reality as of today is that we are in the midst of a Cyber Tsunami.
The 3 Cs feed into our documents & documentation end to end. This was touted as a fail-safe model, with huge costs involved for the companies. This is what I term the 3CsD model, which in a phase of no big hacking has supposedly withstood the test of time, only to bring us to a stage where the crevices have become too wide to ignore. Businesses have become enmeshed in a terminal disease, to say the least.
With all documentation & compliances in place, why have we landed in such a situation? With shareholders' money being frittered away on non-performing security, who takes the blame today? Is it the consultancy, certification & audit companies, or the business enterprise? Or is it business as usual, with all loss put on the customer / user & indirectly on the shareholder as well?
Whatever the terminology or the process might be, it’s outsourcing all the way. The outsourced entity further outsources the work to small vendors having little or no competency to handle cyber security challenges of this level. “Disjointed” would be an understatement for the malaise in Cyber Security ecosystems globally. Otherwise, how does one explain the usage of end-of-life operating systems & absolutely no patch management in place, even at the best-known business entities of the world?
A wake-up call that can only be ignored at our collective peril.
THE 3CsD FORMULA HAS FAILED. COMPETENCY-BASED OWNERSHIP CAN ONLY SUCCEED.