The SolarWinds Hack
The SolarWinds affair is simply another incident in a long pattern of intrusions.
The SolarWinds Hack Read MoreTag: Prioritizing Cybersecurity
Prioritizing Cybersecurity – Given our analysis, we believe there is a harsh reality lurking beneath the surface within many organizations. While they may be saying the right things in public to satisfy investors, underwriters, and customers, there is an apparent lack of urgency in promoting a truly resilient and secure organization.
—CACM, “Cybersecurity: Is It Worse than We Think?”
The point is that from a security professional’s perspective cybersecurity is not given enough priority, not in light of the breadth and depth of security threats that do exist. It’s a matter of risk management. Prioritization depends on perspective and risk tolerance. C-suite types and shareholders prize Return on Investment and see the expense of cybersecurity as of questionable return. Security practitioners struggle to communicate the risks in terms of ROI. For the same reasons it’s hard to prove a negative, it’s hard to prove the value of prioritizing cybersecurity until a compromising event occurs, but by then it’s too late and the damage is done…
Cybersecurity: Is It Worse than We Think?
[In this article, we] seek to complement the myriad security research notes by investigating specific cybersecurity practices within organizations to evaluate where organizations are showing improvement, where they are stagnant, and what may be influencing these changes. Our results confirm that cyber-security continues to receive attention on the surface, but when looking beyond surface-level impressions a surprising lack of progress is being made.
Cybersecurity: Is It Worse than We Think? Read More