SDD - Security Deficit Disorder

July 11, 2016  |  Javvad Malik

Security Deficit Disorder (SDD) is a condition that can impact any size of organization across the world. It can cause significant outages to a business as malware can run rampant, sensitive data can end up on public sites, or customer passwords could be exposed.

In days gone by, businesses could suffer untreated for years, but with rising threats, it is clear no-one is immune. SDD can lead to many issues for businesses, their employees, and customers.

What causes SDD?

Although the exact cause is unknown, there are several environmental, financial, and psychological factors. Some of these include, but are not limited to:

  • The Ostrich-itis: Burying head in the sand and hoping cyber attacks won’t occur.
  • Self-deprecating Risk Management: Convincing the company that they are too trivial and insignificant to be targeted.
  • Scrooge-Security: Trying to implement security without spending any money or time on technology or staff.

What are some of the Symptoms of SDD?

The symptoms of SDD are layered and get progressively worse the longer it remains untreated. Some of the key symptoms which can help you identify sufferers are:

Lack of Asset inventory

When asked what the key assets are or for an inventory of critical assets - SDD sufferers usually respond with a 1000 yard gaze before muttering something about ‘business ownership’

Flat network

Is the network so flat that it could be used as a spirit level? Do words such as segmentation or zones not exist? If so, you could be looking at SDD.

User Management

Is there a proper process in place to manage joiners, movers, and leavers? Or are there more orphan accounts than Oliver Twist?

If the system administrator and the receptionist both have the same access, maybe segregation of duties or privilege account management doesn’t exist.

Vulnerability management

One of the first steps to addressing security is admitting that you have issues that need fixing. Vulnerability scanning helps companies discover where vulnerabilities lie and put in place a prioritized plan to patch or fix them.

This trait that is often lacking in companies that are suffering from SDD.

Behavioral monitoring

A common excuse for not improving security is “it’s always been done this way”.

However, that may not be strictly true. Without a form of behavioral monitoring in place to build up a picture of what normal net flow looks like, or when services are available or not, how can one say with certainty that things haven’t changed?

SDD grows stronger in the company of apathy.

Intrusion Detection

Even companies that have installed anti-virus or a firewall can suffer from what we refer to as type 2 SDD.

That is the absence of intrusion detection capabilities on the network and host. Without these in place, breaches are only discovered when they appear in the news.


Collecting, analyzing, correlating and alerting on events is the key function of a SIEM. However, without the fundamental supporting blocks being in place, such as having an inventory to identify critical assets or knowing what counts as anomalous behavior, a SIEM may not be the complete answer to curing SDD.

Some companies suffer from a milder form of SDD in which they do have a properly configured SIEM in place. However, they lack the staff or rigor needed to investigate and respond to alerts that are generated.

User (un)awareness

Many companies that suffer from SDD have ill-informed staff. Training and awareness is not considered a priority and at most extends to an old poster on the wall reminding staff that security is everyone’s responsibility.

Threat intelligence

For effective security, companies need to be proactive in keeping abreast of the latest threats that can affect them.

Unfortunately, SDD sufferers don’t usually track threats to them and neither are they good at sharing any threat details with their peers. Ultimately, SDD doesn’t just hurt the sufferer, but those companies around it too.

How you can treat SDD

Fortunately, SDD is a treatable condition - and doesn’t need to be expensive either.

The first thing a company should do is to conduct a risk assessment - identifying its critical data, assets, and processes. Once it has been done, appropriate controls should be put in place to detect and protect against threats. Technological investments need not be expensive nor complex, a comprehensive product like AlienVault USM can help organisations detect and respond to threats in an easy-to-manage offering.

Finally, continued vigilance is needed to ensure that the security controls that are in place are working as designed and are still suited to needs.

Together we can fight SDD and build securer companies.

Share this with others


Get price Free trial