Last night the Kansas City Royals lost a baseball game to the Minnesota Twins by a score of 19 to 1. That tied the worst loss in the team’s history. Wow!
I grew up listening to the Royals on the radio almost every night. Those were the days when the Royals were almost always in contention for the top spot in their division, led by players with names like Otis, Rojas, White, Brett, Mayberry, Busby, and many others. That does not seem to be the case now…
I keep wondering how this can happen. Last night it came down to pitching and hitting. The Twins kept hitting everything that the Royals threw, and the Royals didn’t. Someone on the Twins roster hit his very first major league home run – and it was a grand slam! (Not good.) The inability of the Royals over the past 20 years to regain their former status comes down to execution by players and management.
Now, let’s take a leap over to the information security things that I normally write about.
Last night’s loss illustrates an important point that we all should remember. Unless we are diligent, it is easy to allow gaps to appear in what we are doing to protect our networks and important information.
Just as there was a huge gap last night between what the Royals didn’t do and what the Twins did do, so there is often a big gap in our protection measures. We get busy doing stuff, and allow little holes to appear.
This easily happens regardless of industry. There are federal regulations and industry guidelines to help us do the right thing. But if we don’t regularly evaluate what we are practicing, then gaps appear.
- How long has it been since you have reviewed your firewall configuration?
- How about reviewing your logs for suspicious activity?
- When was the last time that your policies were reviewed? Do they still fit your organization?
- Is your patch management plan being followed?
- Are you doing vulnerability assessment? How about pen testing?
- How do you ensure that your software developers are baking good security practices into their code?
Thought should be given to these, and many more, questions about your security practices. The Bad Guys are constantly looking for gaps in your coverage.
Don’t let yourself develop gaps that are too big and costly to overcome. Don’t have a game like the Royals did last night.
- Dan
