Should you ever DIY cyber security?

When it comes to cyber security a have-a-go attitude can lead to more than just a burst pipe

What’s in your cyber security toolkit?

I’m pretty darn good at DIY, even if I say so myself. I think my ginormous IKEA PAX wardrobe stands testament to that, along with my immaculately glossed front door and wonderfully tiled kitchen. But there are some things I won’t touch, for example after trying to take a radiator off a wall and ending up with water pouring out the pipework I’ve crossed plumbing off the list, and I’ve always left electrical work to the experts (hi Dad!).

Personally I think the DIY, have-a-go mentality of the British is something to be proud of. 60% of us will tackle a project every spring and together we support an industry estimated to be worth £8.3bn in 2017.

But, as I am only too aware post “radiator-gate”, sometimes this attitude can cost us more than it saves. It’s reassuring to know I’m not alone in botching up the odd project, current estimates reckon professionals have to put right about 3.3 million DIY disasters every year.

But while this may be costing the average homeowner around £3,000 a year (that’s a LOT of radiators) when corporate DIY projects go wrong the costs are on another level.

In fact if you read some of the horror stories on International Project Leadership Academy’s website you’ll see that the DIY mentality has spread to the corporate world. In fact in the “Common mistakes” section their number 1 item is “The underestimation of complexity, cost and/or schedule”.

So while some organisations may have the luxury of taking their time to find and hire people with the right knowledge so they have the expertise in-house, for the majority of companies often headcount and budgetary restrictions just don’t allow it. And it’s ultimately costing them more.

DMARC & DIY

I see perfect examples of our proud DIY heritage on an almost daily basis when I talk to organizations looking to implement DMARC. I’ll often hear “it’s an open standard, why do I need you to implement it?” It’s a fair question, and I understand why people ask it so I’ll share with you what I tell them (lets see how far I can stretch the DIY analogy… ready?)

“You are absolutely entitled to try and implement DMARC (install a new hallway light) yourself but what you’ll quickly find is the dense DMARC XML reports (two-way switching wiring) hard to interpret and without a specialist on the team (hello again Dad) who has time to dedicate to the project it can quickly get pushed back or abandoned.

This is borne out in recent a survey* of the top 2 million public websites of the mere 3.4% who had started a DMARC project, two thirds never made it to quarantine or reject.

Not only is that a lot of companies who aren’t even starting their DMARC journey, that’s nearly 35,000 organisations who are losing their way due to a combination of not enough time, resources or expertise.

So all DIY similes aside, what buying a product from a DMARC expert really gives you isn’t just something which is free anyway, but access to tools and specialists who will help you to not only get to p=quarantine or reject more quickly, but stay there.

Look before you leap

My advice? Before you embark on your next DIY project do your research and be honest about your skills and what time you have available to tackle the task. Otherwise you’ll end up not only wasting time and money trying to achieve the impossible, but you could make things worse through misconfiguration.

Something like our buyer’s guide will give you all of the insight you need to make that judgement call so you can call the experts in to begin with, and not be stuck sitting in the hallway emptying a rapidly filling bucket waiting for the plumbers to arrive (yes I’m talking about the radiator again!).

*Conducted by Red Sift in October 2017

PUBLISHED BY

Clare Holmes

28 Nov. 2017

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
News

Meet Red Sift Radar: The Skilled Up LLM That Finds and Fixes…

Rahul Powar

After months of beta testing and feedback, we are excited to announce that Red Sift Radar, our skilled up LLM offering seamless integration with Red Sift OnDMARC, is now commercially available.  With Red Sift Radar, security teams can detect exposures, prevent configuration drift, and classify assets or suspicious activity without adding additional headcount. By…

Read more
News

G2 Fall 2024 Report: Red Sift OnDMARC Wins Big

Francesca Rünger-Field

We’re delighted to share that Red Sift OnDMARC’s winning streak continues. This Fall, we’ve once again been named a Leader in G2’s DMARC category, achieving recognition in both the overall Leader category and Europe for the first time. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more