“Fake It ‘Til You Make It” Doesn't Work in Cybersecurity
“Fake it ‘til you make it” – a term that I have heard a thousand times and have probably used before and never thought much of it. That’s until I heard my 14-year-old say it. Let me give you a little context – my son is a freshman in high school and has been in six different schools since the first grade. Military moves caused this; he’s not a kid who keeps getting kicked out of school (just in case you were thinking that)! He has always received great grades without putting forth much of an effort. 9th grade has been no different, but over Christmas break he was supposed to finish reading a book with a test taking place upon his return to school. When my wife asked him about it, he told her he hadn’t completed it yet. So of course, she follows up by asking him when he’s going to do it. His response was, “I’m not! Fake it ‘til you make it, Mom! I haven’t read it up until this point and I’ve passed each test.”
When word of this travels to me, I get annoyed to say the least. I approach him and question him on it, and he tells me the same thing, thinking he’s funny. I respond with, “No, it should be called fake it ‘til you fail!” Makes more sense, doesn’t it? You can only fake it for so long – at some point if you don’t put the work in, you are going to be found out to be a fraud. Not to mention you will be so used to cutting corners that you will never know how to actually put the work in when that time comes. So, it becomes lecture time for my poor 14-year-old…
I am currently an IT Security Consultant / IT Auditor with Compass IT Compliance. A large part of my workload over the last year or so has been as a Virtual CISO for numerous companies. Some bigger, some smaller, but all with the same goal in mind: improving their overall security posture, protecting sensitive data, and growing each individual business in a secure manner. Companies of all sizes are asking for security questionnaires to be filled out in an effort to understand the security measures that are in place before partnering with them or hiring them as a vendor.
Coming back to the lecture with my son:
Me: Please explain fake it ‘til you make it for me?
Him: I don’t know, I was just joking
Me: Give it a shot – what do you think it means?
Him: You just kinda pretend that you did something until you get to where you want to be
Me: What happens when you get there?
Him: I dunno
Me: Exactly!
Let’s take this thought process and bring it to a cybersecurity conversation. Any business, as it achieves a level of success and matures, will be asked a series of questions pertaining to its information security program. These questions are in place to evaluate the risk associated with working with a company. For example, does your company have:
- Security Policies and Procedures
- Security Training Awareness Program
- Incident Response Program
- Business Continuity Management Program
- System and Network Monitoring and Logging
- Change Management
Now think about fake it ‘til you make it. Can you fake some of this? Sure. It might get you some business in the short term. How do you ensure you make it though? You need to put the effort in and invest in building a strong information security program! I have seen it first-hand; companies will answer yes on a questionnaire and then cross their fingers that they aren’t asked for evidence.
In the world of cybersecurity, fake it ‘til you make it doesn’t fit. Fake it ‘til you fail or fake it ‘til you get compromised and hacked seems more appropriate! You can say you have a comprehensive security program in place even if you don’t. You might even get away with it for a short time, but eventually you will fail. A user will click on a bad link because they haven’t had training, or act in a malicious manner because they have unrestricted access to all the data residing on your network. An event will take place that you haven’t planned for and not only will you lose the vendor or the clients that were affected, but you could potentially lose everything once word gets out!
Don’t fake it! Put in the work and take the steps necessary to ensure the success of your information security program and your business as a whole!