No wonder we keep getting breached…

Dark Reading’s 2021 Strategic Security Survey was highly informative, not only in what it included but also in what it did not. When it asked 150 technical and cybersecurity professionals to rate the effectiveness of cybersecurity practices, 3 practices in particular leaped out at me as missing from the survey results table. Want to guess which they are?

Dark Reading’s 2021 Strategic Security Survey

Asset Awareness, Secure Configurations, and Patch Management are the foundational practices for any cybersecurity program. Whether this is something that was left out of the survey by the survey designer or whether nobody brought this up as an issue, I don’t know, but I find this exclusion both highly interesting and disturbing. Michael’s Rule #1 of Cybersecurity: You can’t protect what you don’t know you have!

Knowing what you have, configuring it properly, and keeping it patched are foundational security measures, but again and again, I find these are the areas where companies are most deficient in their security programs. Why? I think there are multiple reasons, ranging from operational challenges, to conflicts over responsibility between IT and IS, to the sheer volume of work required to do it right. It’s not sexy, but it’s what keeps your security ship afloat. The fact that it is done so poorly across so many organizations (especially the government) says a lot about the crisis that exists in business and why so many organizations, large and small, are constantly being breached, ransomed, and exploited.
