Companies spend A LOT of time, energy, and money, but are STILL getting compromised. Are we just identifying solutions and trying to find a problem? Or are we, actually, identifying problems and looking for the solution?
At RSA, all the booths that said, “powered by AI,” were packed. So, I started asking the people, “Why are you here?” They all said, “We’re here to find better solutions.”
That made me wonder, “What is the problem that you’re trying to solve?” No one had an answer! They wanted something better, something cutting edge… something they couldn’t even define. The scary part is that if you’re not getting to the root cause of your network issue, you start spending money on the latest and greatest
Make a page (or spreadsheet or
- Column 1) What are the 4 or 5 most critical pieces of information? Prioritize. What are the business processes that support it?
- Column 2) What are the threats that have the highest likelihood of causing damage that could cause harm to your critical data?
- Column 3) What are the vulnerabilities that currently exist in your organization that would allow those threats to have the biggest impact
toyour critical data? What are today’s exposure points?
This paper should lead you to, “What is the problem that needs to be solved?!?”
That’s where your focus needs to be. The biggest vulnerability exposure for many of our clients, today, is that they have systems accessible from the internet that are not fully patched. All of the latest and greatest technology tools, including AI, are not going to protect a vulnerable server that’s missing a patch. Centralized patch management is what solves the root problem. That may not sound cool or fun in today’s world of
Before you do anything in the name of security, always ask yourself the following 3 questions:
- What is the risk that I’m trying to reduce?
- Is this the highest priority risk?
- Is my solution the most
cost effectiveway of reducing it?
It’s not always about the new, fun stuff, because you have got to focus on what really matters. If you have servers accessible from the internet that are not patched or managed, you do not have configuration control, and you don’t know what’s on your network, then you should NOT be buying AI or any of the latest and greatest tech tools until you fix that problem.
Once you have all of that in place, then we can talk about other solutions. But right now, the biggest problem that I’m seeing is clients not having their servers patched. And they have data on those unpatched servers!
The bigger the breach, the bigger the impact is on how much of your data gets compromised. Any system accessible from the internet should NEVER contain critical data. Make sure that if you’re using encryption to protect your data, that all of the keys are stored on a
Reach out to me, anytime, at secure-anchor.com/contact.