Is the cybersecurity community’s obsession with compliance counter-productive?
Mike Starr
August 29, 2023
Show me a large enterprise that was breached and I’ll show you a large enterprise adhering to multiple compliance standards.
News, stories and insights from the team at trackd
Show me a large enterprise that was breached and I’ll show you a large enterprise adhering to multiple compliance standards.
Starr sheds light on the significance of considering the human factor in cybersecurity breaches. He emphasizes the importance of collaboration and empathy between different teams and how vendors can contribute to fostering a more collaborative
IT professionals endure a lot more criticism for causing downtime when patching than they do for patching too slowly, so their default state is to be exceptionally cautious while absorbing the cyber risk of exposed
“I really enjoyed our cybersecurity self-training today, and really plan to change my behavior as a result of it” said just about no one anywhere, ever. And yet, when the topic of the “human factor
You don’t need to be a Large Language AI model or cyber spy to conclude that diligent and regular vulnerability remediation is a foundational element of enterprise cyber defense. If you were to embark on
Much more commonly, it’s the CISO and senior cybersecurity professionals that serve as the CEO’s scapegoat in the event of a major breach. Yet, it’s voluntary resignations that are primarily responsible for CISOs holding the lowest average
So even with the knowledge that 98 out of 100 patches are safe to deploy, remediation teams are unlikely to modify their processes to patch more aggressively any more than the average person would change
The primary new technology for server patching uses crowdsourced data on patches that have been applied to help guide remediation teams and highlight patches that have a history of disruption, and perhaps more valuably, those
Tell us when patches are disruptive? Sure. But more importantly, let us know when they’re not, information that’s potentially much more actionable.
As an IT or cybersecurity pro, much like a closer in baseball, you’re only the star of the movie when you fail, and when you succeed, it’s expected, and let’s face it, unappreciated. Day-in and
Show me a large enterprise that was breached and I’ll show you a large enterprise adhering to multiple compliance standards.
Starr sheds light on the significance of considering the human factor in cybersecurity breaches. He emphasizes the importance of collaboration and empathy between different teams and how vendors can contribute to fostering a more collaborative culture.
IT professionals endure a lot more criticism for causing downtime when patching than they do for patching too slowly, so their default state is to be exceptionally cautious while absorbing the cyber risk of exposed vulnerabilities.
“I really enjoyed our cybersecurity self-training today, and really plan to change my behavior as a result of it” said just about no one anywhere, ever. And yet, when the topic of the “human factor in cyber breaches” is discussed in any forum, recommendations always revert to the mean (and the cliche’): cybersecurity training.
You don’t need to be a Large Language AI model or cyber spy to conclude that diligent and regular vulnerability remediation is a foundational element of enterprise cyber defense. If you were to embark on a comprehensive security system design for your home, for example, you might consider alarms, video cameras, and even a guard dog, but you’d probably start by fixing the broken locks on your first floor windows. And that’s exactly the same thought process enterprises should adopt when defending themselves against an ever-expanding and sophisticated pool of attackers.
Much more commonly, it’s the CISO and senior cybersecurity professionals that serve as the CEO’s scapegoat in the event of a major breach. Yet, it’s voluntary resignations that are primarily responsible for CISOs holding the lowest average tenure figure among C-suite executives, lasting just 26 months compared to 5.3 years for their C-level counterparts.
So even with the knowledge that 98 out of 100 patches are safe to deploy, remediation teams are unlikely to modify their processes to patch more aggressively any more than the average person would change their decision to play Russian Roulette with a gun with 100 chambers and only 2 live bullets.
The primary new technology for server patching uses crowdsourced data on patches that have been applied to help guide remediation teams and highlight patches that have a history of disruption, and perhaps more valuably, those that have a history of safe deployment.
Tell us when patches are disruptive? Sure. But more importantly, let us know when they’re not, information that’s potentially much more actionable.
As an IT or cybersecurity pro, much like a closer in baseball, you’re only the star of the movie when you fail, and when you succeed, it’s expected, and let’s face it, unappreciated. Day-in and day-out, that ain’t easy.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.