The saddest thing about IT & Cybersecurity is that 99% of the problems we're facing are not technical.

They're cultural, management and budget-related.

Implementing basic security controls, patching regularly, segmenting your network, EDR/AV on everything, it's basic shit.
There are companies that have had *thousands* of EternalBlue and other severity 5 vulnerabilities for *years*. We know the problem, we know the solution, but it never gets done?

RDP exposed with weak passwords (KNOWN).

Culture.
"We can't afford a pentest", but you will literally spend thousands on coffee and fancy office perks.
"We need to take down all machines and patch this week"

"Will there be downtime?"

"Unfortunately, yes"

"Oh - we can't risk that"

"Can we set up a dev instance to test?"

"No we can't afford the hardware for a new box right now"

Budget.
Some vendors and sales people are running around pretending we have a technical problem, we don't. Implementing basic security controls is, well, basic.

But having the stars align, budget, culture, risk tolerance, and management buy-in is hard.
https://twitter.com/LitMoose/status/1252673302239174657

IF WE HAD BASIC CONTROLS - the world would be way more secure :D
You can follow @pry0cc.