Oliver Rochford published a short article on cybersecurity maturity and its failings. The article touches on some interesting points, especially on how vendors, investors and the media rely on flawed statistics, surveys and a fair dose of wishful thinking in assessing the security maturity of the average enterprise, projecting market growth and product viability.
The author describes his experience at Gartner and as a penetration tester. For example, he never conducted a project where he needed more than off-the-shelf open source tools and known exploits to breach an organization.
The article considers three main failings:
- Relying on prevention
- Relying on technology
- No management buy-in
Good security, and especially effective monitoring, requires people and processes.