Information Security Truths

Author: shadowpuck | Posted on: December 25, 2018

It’s 2018, why are we still seeing reports of large breaches and failures to secure data?
It’s simple – businesses only make changes when there’s pain involved.
Right now, there’s more pain (to the business) in doing things “the right way” than there is in dealing with the breach.

Keep in mind, attackers:

  • do not care about your audit scope
  • do not care about your compliance framework
  • do not care about your unqualified audit reports
  • do not care about your exceptions – meaning, they will still attack systems that are unpatched because of “approved exceptions.”

When thinking about security, think about how attackers think, think about how they would get into your systems and networks.  Think about how they would go after your users.  Test your security and response from that perspective.