Gary Varga (4/11/2014)
john.riley-1111039 (4/11/2014)
There are many circumstances in life where we prepare for relatively unlikely events. We install sprinklers and fire extinguishers in buildings,air bags in cars, pilots train for engine failures and forced landings and many other emergencies. We back up our computer systems.
When these things happen, it is better that we have thought about how we respond to them, and put facilities in place to mitigate the consequences.
I am sure many of us have participated in Disaster Recovery exercises. Sorry, it is called Business Continuity these days. Data breaches are just
one of the scenarios you cater for in BC planning.
I suppose just like the security procedures air stewards and stewardesses go through with each flight. They never do it because they believe that there is a risk for that particular flight but because in the unlikely situation that there is a problem then everyone is best prepared.
Even if we think (we can't know) that there is only a very slim chance that the organization's data will become the target of a hacker, another reason for having security best practices in place is to demonstrate due dilligence. In the aftermath of an attack, there is going to be a lot of finger pointing, both within the organization and from external sources like the media, class action lawyers, and law enforcement.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho