Companies spend A LOT of time, energy, and money, but are STILL getting compromised. Are we just identifying solutions and trying to find a problem? Or are we, actually, identifying problems and looking for the solution?
At RSA, all the booths that said, “powered by AI,” were packed. So, I started asking the people, “Why are you here?” They all said, “We’re here to find better solutions.”
That made me wonder, “What is the problem that you’re trying to solve?” No one had an answer! They wanted something better, something cutting edge… something they couldn’t even define. The scary part is that if you’re not getting to the root cause of your network issue, you start spending money on the latest and greatest technical tools that are of no benefit to you. Even if this “new, amazing tool” helps improve your security at all, you should be asking yourself, “Is this aligned with the real threats that attackers are going to use?” Let’s step back and look at the real threats and exposures in your organization…
Make a page (or spreadsheet or white board) with 3 columns.
-
- Column 1) What are the 4 or 5 most critical pieces of information? Prioritize. What are the business processes that support it?
-
- Column 2) What are the threats that have the highest likelihood of causing damage that could cause harm to your critical data?
- Column 3) What are the vulnerabilities that currently exist in your organization that would allow those threats to have the biggest impact to your critical data? What are today’s exposure points?
This paper should lead you to, “What is the problem that needs to be solved?!?”
That’s where your focus needs to be. The biggest vulnerability exposure for many of our clients, today, is that they have systems accessible from the internet that are not fully patched. All of the latest and greatest technology tools, including AI, are not going to protect a vulnerable server that’s missing a patch. Centralized patch management is what solves the root problem. That may not sound cool or fun in today’s world of cyber security technology, but that’s what really protects data.
Before you do anything in the name of security, always ask yourself the following 3 questions:
-
- What is the risk that I’m trying to reduce?
-
- Is this the highest priority risk?
- Is my solution the most cost effective way of reducing it?
It’s not always about the new, fun stuff, because you have got to focus on what really matters. If you have servers accessible from the internet that are not patched or managed, you do not have configuration control, and you don’t know what’s on your network, then you should NOT be buying AI or any of the latest and greatest tech tools until you fix that problem.
Once you have all of that in place, then we can talk about other solutions. But right now, the biggest problem that I’m seeing is clients not having their servers patched. And they have data on those unpatched servers!
The bigger the breach, the bigger the impact is on how much of your data gets compromised. Any system accessible from the internet should NEVER contain critical data. Make sure that if you’re using encryption to protect your data, that all of the keys are stored on a seperate key server. All of this is a much higher priority than purchasing new, awesome tech tools. Then use AI to take it to the next level of security. Before looking for the next solution, make sure that you identify the problem. And the one page assessment should help you do just that.
Reach out to me, anytime, at secure-anchor.com/contact.
