The saddest thing about IT & Cybersecurity is that 99% of the problems we're facing are not technical.

They're cultural, management and budget-related.

Implementing basic security controls (patching regularly, segmenting your network, EDR/AV on everything) is basic shit.
There are companies that have had *thousands* of EternalBlue and other severity 5 vulnerabilities for *years*. We know the problem, we know the solution, but it never gets done?

RDP exposed with weak passwords (KNOWN).

Culture.
"We can't afford a pentest", but you will literally spend thousands on coffee and fancy office perks.
"We need to take down all machines and patch this week"

"Will there be downtime?"

"Unfortunately, yes"

"Oh - we can't risk that"

"Can we set up a dev instance to test?"

"No, we can't afford the hardware for a new box right now"

Budget.
Some vendors and sales people are running around pretending we have a technical problem; we don't. Implementing basic security controls is, well, basic.

But having the stars align on budget, culture, risk tolerance, and management buy-in is hard.
https://twitter.com/LitMoose/status/1252673302239174657

IF WE HAD BASIC CONTROLS - the world would be way more secure :D
You can follow @pry0cc.