Author: Shadowpuck | Posted on: March 25, 2018
I’ve been in infosec, computer security, cybersecurity (whatever its called this week) awhile now and if I could tell businesses one thing….
Attackers do not care about:
- your audits
- your penetration tests
- your compliance framework
- what standards your policies are based upon
- what’s “out of scope”
- your logon banners
the real world has shown over, and over again that attackers find way into systems – just accept it. all of that list above serves a purpose for your security team and your overall security program, but at the end of the day if you are not preparing your internal teams to handle real attacks then you are doomed to becoming a headline. security is not just an IT or security team problem – everyone, from the highest level C-suite or executives all the way to the receptionists, is part of the security program.
ok, maybe that was more than one thing.