Among organizations today, there’s not enough focus on where digital security matters, that is, setting up the challenge/risk. Let’s come right out and say it: if you haven’t been hacked yet, you soon will be.
This is not a surprise to you. You know this. We know this. Other companies know this. And yet, we saw WannaCry spread to hundreds of thousands of organizations via unpatched Microsoft vulnerabilities, Verizon and Dow Jones suffer data leaks due to misconfigured servers, and Equifax weather a breach at the hands of an unpatched vulnerability.
Many companies aren’t just standing idly by, however. They are now spending more and more trying to combat the ever-present threat of cybercrime. Worldwide, cybersecurity spending is increasing year on year and is expected to reach $170 billion by 2020.
So what’s going wrong?
No matter how big a fish you are, how big your budget is, or how much you spend on bolstering your defences, if you’re not spending it in the right place, you are leaving yourself vulnerable to attack. Where should you be spending your budget? The basics would be a good place to start.
Why is this so? Craig Lawson said it perfectly at Gartner Security & Risk Management Summit 2016:
“New technology is interesting, but not at the expense of the basics. Look at what simple, fast and relatively easy things you should revisit. The data shows this actually will put a big dent in the problem.”
At the end of the day, close to all commodity attacks can be prevented just by fixing the basics. And yet, too many organizations are letting foundational controls get away from them.
Too many companies think that by focusing on the latest, most advanced technologies, they can keep ahead of new cyberthreats.
Of course, advanced technologies can (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Fisher. Read the original post at: https://www.tripwire.com/state-of-security/featured/foundational-controls-for-integrity-assurance-part-i/