August 18, 2022
While many believe there is no such thing as bad publicity, there is one type that you would like to avoid: Bad-Breach-Publicity.
Even the most well-managed crisis would leave a dent in a company’s reputation, and ultimately its balance sheet, so management tends to pay attention to announcements that make the news.
All unscathed companies that read about the breach go through a known series of events. The morning after, the CISOs can expect a call from the CEO, or the board members, about the relevance and preparedness of their organization to the malware-de-jure. Along with the check-in comes an action item to prepare a presentation for the management forum as well as apply corrective measures.
Of course the CISO, on his or her end, was never waiting for the headline. The security team is working year-round to prepare for any new threat. But alas – this is how the wheel turns. Till the next headline.
<Previous
Goldilocks
APT groups are no fairy tale. They are here to stay and apparently, they make a living. It’s a reality in the adversary vs defender cyber-arms race. With that reality in mind, cybersecurity controls have become a necessity and a priority for every organization on the planet. Setting them up, configuring them, and last but […]
Next>
A Red Teamer Is Not A Luxury
Someone has to keep us on our toes. Someone must verify that we’re not imprisoned by our own conceptions. Someone must do quality assurance tests on our security controls. We need our red teamers, and we need them badly. “Defense in depth” security practice has become “complex in depth” and the security control stack, policies […]