Among other things, complacency can lead to considerable security risks within an organization. There are multiple areas of any organization where security is a concern: employee records, clients’ payment information, physical buildings, and proprietary methods or designs, to name a few. When employees are complacent toward security, they are not actively considering potential risks.
Andrew Valentine (2011) describes a widespread organizational problem, which he calls “check-box compliancy”. This occurs when an organization, or a group within an organization, is provided with specific security objectives and, upon meeting those objectives, becomes complacent. In their minds, they have achieved security by meeting the minimum standards. The problem with this mindset is that it leads many to stop checking for breaches of security. Because they have designated a particular area as “secure” in their own minds, they are less vigilant in searching for potential threats. Complacency is an attitude of comfort. When employees are too comfortable with the current level of security, they may stop watching for threats.
This form of complacency is not limited to the cyber-world. I remember learning about the Battle of Troy in my Latin class: The Trojans put up an impenetrable wall as defense against their enemies. Because the wall was successful in repelling the Greeks and because they had deemed their city as “secure” in their minds, the Trojans were not wary of other threats. When a large wooden horse appeared outside of the city walls, the Trojans thought it was a gift from the gods. Inadvertently, the Trojans let the Greeks (who were hiding inside of the horse) inside the city walls, which ultimately led to their demise.