Tuesday, October 28, 2008

How do you define ROI?

Everywhere I look I see links talking about ROI and let our tool show you how we can get you more ROI. Well, what is ROI? I get that ROI stands for Return on Investment and that it defines what monetary value this product will give you or save you for purchasing said product. Well, that is great when the ROI tool is designed by the person trying to sell you the product. I have some swamp land in Florida at discount prices if you are interested.

Seriously though, how can you show true ROI on a security product when the reason to purchase the product is to limit your risk of losing money through losing critical data, being DOS’d or having your competitors get your secret formula for that super secret project you are working on? You are purchasing the product to alleviate risk, some of which is unknown. It is very difficult to show true ROI because it is an unknown quantity. How much will you be fined for losing those 1,000,000 customer accounts? How much is your next product worth if you get it out before the competitors do? It is easier to build a case if you know what you are protecting and why.

When the reason to buy security is specifically ROI, you are buying it for the wrong reason. Yes, you do want to show that your purchase saved you countless headaches and hours or days of work when you are trying to recover from an incident.

It just seems like people want to “buy” security but don’t care if they are actually securing their networks and endpoints or have secure practices in place.

When you start looking to secure your network don’t settle for some fancy ROI chart. Look at how it will affect your infrastructure and make sure that it actually works. If you don’t, then I still have that swampland for sale at a low, low price.

Tuesday, October 14, 2008

Hacking has changed…duh?

I was just reading an article that was talking about Mafiaboy and what he is doing now, 8 years after knocking Yahoo offline. It struck me that “hackers” have changed from tinkerers to mafia types.

Once upon a time Timmy, hackers were people that just wanted to see what would happen if they touched that button or changed this byte. Now they are going around mugging tourists and they don’t care how they do it. There is so little curiosity left in the next generation of hackers that when the previous generation dies off from vitamin D deficiency all the tools will be lost also. Or at least new iterations of them.

All of the new attacks and new vulnerabilities seem to be coming from the previous generation. How do you teach innovation? How do you teach curiosity? I don’t think you can.

