Just like every previous year, the 2016 Verizon Data Breach Investigations Report (DBIR) highlighted the same, sad fact – attackers are getting more sophisticated, the number of attacks are rising, and so are attack success rates. Not coincidentally, the reasons for these increases come down to the same old things – poor patching processes, lack of visibility and control over critical configurations, and an inability to focus one’s limited resources on the right things.
Patching? Configuration? Prioritization? Really? When I started in this industry over a decade ago, patching and configuration management were the hot topics, yet we still haven’t made much headway on these fronts. All those cool patch and configuration management vendors got gobbled up by the big guys and were forgotten as we quickly moved on to the next big buzzword – CLOUD (as if it was something new and not just another fancy word for hosting). And then BIG DATA hit the scene. And now, User & Entity Behavior Analytics (UEBA), which every vendor under the sun is staking claim to if they can do some simple analysis and output a standard deviation report (by the way, there’s another cool word to describe that capability; “statistics”).
It’s 2016 and year after year we read the Verizon DBIR only to find it’s the same old things biting us in the butt. I know it’s cliché, but there’s a reason why in every business, in every sport, in every relationship, and really everything in life, success and failure ultimately boil down to the strength of the foundation something is built upon. Built your house on salt or sand? It’s gonna sink. Have freakish athletic ability, but no technique or understanding of the game? You’re not going to make it in the NFL. Have every technology listed in Gartner’s Magic Quadrant, but refuse to spend the time necessary to ensure your systems are patched properly? You’re gonna get hacked!
I like cool stuff and advances in technology as much as the next guy or gal, and I can certainly get wrapped up in the hype of something that looks promising or revolutionary as well, but we have to resist the urge to buy into every buzzword and think there’s going to be a “one-click, problem solved” solution to every problem. We have to stop thinking that if we protect the perimeter, we won’t have to worry about what’s going on inside the bubble.
What we need to do is get back to the basics, make sure our fundamentals are sound, and then layer on all the space-age tech that will complement our rock solid foundations. It is at this point that our lives will get easier. It is at this point that we could even potentially turn the tables on the bad guys and be in the driver’s seat. Let’s get back to the basics.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
As General Manager, Adam is responsible for product lifecycle and market adoption from concept to implementation through to customer success. He is passionate about market strategies, and developing long-term path for success for our customers and partners.
Previously, Adam served as CMO and has held a variety of senior leadership positions at Stealthbits – now part of Netwrix including Sales, Marketing, Product Management, and Operational Management roles where his focus has consistently been setting product strategy, defining roadmap, driving strategic engagements and product evangelism.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.
Related Posts
- Sensitive Data Discovery for Compliance
- Using The Azure Information Protection (AIP) Scanner to Discover Sensitive Data
- Advanced Data Security Features for Azure SQL- Part 1: Data Discovery & Classification
- How to Protect Office 365 by Classifying Your Data with Microsoft’s AIP Labels
- 2019 Verizon DBIR Key Findings
- 5 Cybersecurity Trends for 2019
- EU GDPR: Paving the Way for New Privacy Laws?
- Announcing Stealthbits Activity Monitor 3.0 & StealthINTERCEPT 5.1
- Key Take Aways from the Ponemon 2018 Cost of Insider Threats Report
- Where Real Organizations Are with EU GDPR 10 Days from Launch
Leave a Reply