trackd_logo_dark-1

The trackd blog

News, stories and insights from the team at trackd

There's way too much hype about exotic cyber attack vectors...the old ones are working just fine for the bad guys.

Let’s Ease Up on the Cyber Criminal High Tech Hype

It probably makes sense to take the hyperventilating stories of cutting-edge attack vectors with a grain of salt. There will come a day when the primary means of initial penetration become obsolete or are abandoned

The Human Factor in cybersecurity isn't synonymous with just phishing

Consider the human factor in cyber breaches

“I really enjoyed our cybersecurity self-training today, and really plan to change my behavior as a result of it” said just about no one anywhere, ever. And yet, when the topic of the “human factor

Breaking the Cycle of Cybersecurity PTSD

Breaking the Cycle of Cybersecurity PTSD

Much more commonly, it’s the CISO and senior cybersecurity professionals that serve as the CEO’s scapegoat in the event of a major breach. Yet, it’s voluntary resignations that are primarily responsible for CISOs holding the lowest average

Operational risk is the primary challenge to aggressively mitigating cyber risk.

The Never-Ending Battle: Routine Patching vs. Operational Stability

It’s time for vulnerability management technology innovators to spend less time identifying and reporting on vulnerabilities, and more time building tools to help IT teams fix them more efficiently…and without their fingers constantly crossed.

There's way too much hype about exotic cyber attack vectors...the old ones are working just fine for the bad guys.

Let’s Ease Up on the Cyber Criminal High Tech Hype

It probably makes sense to take the hyperventilating stories of cutting-edge attack vectors with a grain of salt. There will come a day when the primary means of initial penetration become obsolete or are abandoned by the cyber criminal community in favor of something revolutionary. However, the cyber security community – the good guys – will first need to render them ineffective and, unfortunately, we don’t seem to be close to achieving that reality.

Mike Starr Of trackd On Embedding Security in Product Design and Development

The only thing that matters is whether the person responsible for product security is able to convince all stakeholders to care about the risks associated with the absence of secure software development practices or not. If they’re unable to do this then building security components into software will always be driven reactively as a result of an incident.

Are we more concerned with compliance than we are security?

The Cost of Compliance: What Charles Goodhart, Bill Murray, and Cybersecurity Have in Common

As a cyber security community, we need to re-think our commitment to – and investment in – compliance. Can we all agree it’s not working? If successful breaches were confined to organizations that either didn’t invest in compliance or were unsuccessful achieving it, then we could talk. But we all know that’s not the case. We need to start thinking about taking that 40% and investing more in the things that have the best chance of making the bad guys’ lives more difficult. We won’t win every battle, but at least we’ll be fighting the right war.

The Human Factor in cybersecurity isn't synonymous with just phishing

Consider the human factor in cyber breaches

“I really enjoyed our cybersecurity self-training today, and really plan to change my behavior as a result of it” said just about no one anywhere, ever. And yet, when the topic of the “human factor in cyber breaches” is discussed in any forum, recommendations always revert to the mean (and the cliche’): cybersecurity training.

Patching vulnerabilities is the first and best step to securing the enterprise.

Even ChatGPT “Thinks” Patching Vulnerabilities is the Best Way to Secure an Organization

You don’t need to be a Large Language AI model or cyber spy to conclude that diligent and regular vulnerability remediation is a foundational element of enterprise cyber defense. If you were to embark on a comprehensive security system design for your home, for example, you might consider alarms, video cameras, and even a guard dog, but you’d probably start by fixing the broken locks on your first floor windows. And that’s exactly the same thought process enterprises should adopt when defending themselves against an ever-expanding and sophisticated pool of attackers.

Breaking the Cycle of Cybersecurity PTSD

Breaking the Cycle of Cybersecurity PTSD

Much more commonly, it’s the CISO and senior cybersecurity professionals that serve as the CEO’s scapegoat in the event of a major breach. Yet, it’s voluntary resignations that are primarily responsible for CISOs holding the lowest average tenure figure among C-suite executives, lasting just 26 months compared to 5.3 years for their C-level counterparts.