Businesses must be urged to address persistent security weaknesses, according to cyber professionals.
In the ever-evolving landscape of cybersecurity, two powerful motivators have consistently played a significant role: fear and repetition. The latter might just be the key to pushing more organizations into action, as repetition of security warnings can help drive home the importance of cybersecurity measures.
John Dwyer, a seasoned cybersecurity professional with a 15-year career, has observed that despite repeated warnings about local administrative rights, it remains a common problem today. This issue, among others, highlights the need for continuous vigilance and the implementation of best practices in the cybersecurity realm.
The business world, it seems, often operates like a casino when it comes to cybersecurity, according to John Shier, a field CTO at Sophos. There are many gamblers taking risks with their cybersecurity, hoping for the best but often neglecting crucial precautions.
Over the last five years, companies have been increasingly focusing on better preparedness for cyberattacks. Greenbone, for instance, has emphasised advanced vulnerability management and open-source security solutions. Plurilock Security has adopted AI-first approaches to strengthen critical service protections, while Siemens Energy has developed industrial cybersecurity expertise specifically for critical infrastructure components.
However, acquiring the necessary investment to achieve these goals remains a hurdle for some companies, as Dwyer points out. Phishing remains a significant threat, with Dwyer noting that it has been discussed for a long time and is still prevalent.
Chester Wisniewski, a field CTO of applied research at Sophos, suggests that a cataclysmic event may be necessary to prompt action in the cybersecurity industry. This sentiment echoes Wisniewski's earlier observations, where he noted that early on, only the richest and biggest companies understood the cybersecurity problem.
The year 2013 saw a significant moment in technology with Edward Snowden's leak of classified information from the National Security Agency. This event led to a push for internet encryption; as of 2023, it is difficult to find a website that's not encrypted.
The threat landscape has changed, making every organization a potential target. More organizations are assessing ways to reduce risk through security controls, better architecture, and zero-trust models. Dwyer suggests that organizations should assume they will get phished and exploited, but there are still opportunities to prevent a crisis.
Dwyer, the head of research at IBM Security X-Force, stated that overextension of privileges, connectivity, and access has been prevalent for a long time. Despite best practices being consistently disregarded, there has been a change in the last five years, with more organizations willing to invest in security and apply best practices.
In conclusion, the cybersecurity landscape continues to pose a threat to organizations, with phishing, unpatched vulnerabilities, and lax processes remaining recurring issues. However, the industry is evolving, with more organizations recognizing the importance of cybersecurity and taking steps to protect themselves.