Act 1 - Security Theater in Play

Author: Zerocopter

“Cybersecurity theater refers to actions that purport to reduce risk, without actually doing so, and it’s endemic. The size and complexity of the digital asset base is now so significant that cybersecurity leaders can’t keep up with the demand to pretend to protect everything, let alone do so.” (Gartner, 2023)

It was a true pleasure reading this piece by Gartner! It addresses the question I’ve had for years now… Why are so many people/organizations spending time, effort, and money on security where the value is unclear, but the ROI is calculable? It seems that the focus is often placed on SLAs (Service Level Agreements), rather than on the actual value of security.


It’s important to understand that compliance often gets confused with cyber resilience. That is why, instead of maintaining the status quo of dependency on vendors and consultancy, we should be focusing on growing actual responsibility by building self-reliance in security operations. This means we need more theater critics and, one step beyond that, to become mavericks!


But in life, it is a human trait to keep our illusions intact. While this sense of control is important for us, and I totally get it, we need to be braver! Because often, this feeling of control might be misleading, as criminals continuously exploit it to expand their attack surface.