I believe there is a “denial syndrome” that exists in cyber security. I’m not referring to the “It won’t happen to me” concept, I’m pointing to a deeper and more dangerous belief. In psychology, denial happens when we are uncomfortable with the facts of reality and instead of dealing with it we reject it, insisting it is not correct.
Last week, I had the opportunity to spend a day at a Legal Services Information Sharing & Analysis Organization(LS-ISAO) workshop in New York City, hosted by a leading law firm. Close to 100 security professionals from law firms around the country participated. While most law firms have small dedicated security teams, what was apparent from the beginning was that the challenges ahead of them were not small.