8 Dirty Secrets Of The IT Security Industry

Bill Brenner at CSO Magazine is quoting IBM ISS Security Strategist Joshua Corman, who has been on a crusade with his 8 Dirty Secrets campaign. Here they are, and I'm quoting Dirty Secret #5, which rang oh so true:
Dirty Secret 1: Vendors don't need to be ahead of the threat, just the buyer
Dirty Secret 2: AV certification omissions
Dirty Secret 3: There is no perimeter
Dirty Secret 4: Risk management threatens vendors

Dirty Secret 5: There is more to risk than weak software
Corman said the lion's share of the security market is focused on software vulnerabilities. But software represents only one of the three ways to be compromised, the other two being weak configurations and people. Unfortunately, he said, the latter two are far more dangerous risks than the big bad software security flaw of the week.

"While we need to find and patch vulnerabilities, we also must understand an organization is only as strong as its weakest link. More attention needs to be paid in mitigating the other two ways beyond software," Corman said. And the best way to manage the people problem is new-school security awareness training.

Dirty Secret 6: Compliance threatens security

Dirty Secret 7: Vendor blind spots allowed for Storm

Dirty Secret 8: Security has grown well past "do it yourself"

Here is the whole article
