One of my favorite phrases is “snatching defeat from the jaws of victory.” The slight modification of the old idiom to reflect an action that transforms guaranteed success into abject failure.
It is also the perfect way to understand how it’s possible for even the most effective, well-written, well-intentioned, and strategically developed cybersecurity policies to become irrelevant.
I’ve seen so many ways a company can completely negate their own cybersecurity. Usually, it involves some level of management errors, the most common being that “these policies don’t apply to me.”
However, there are many ways, some much less obvious, for management to undermine their company’s own cybersecurity policies.
And, by extension, making their company, their employees, their customers, and themselves less secure.