What are organizations lacking in their cybersecurity posture?

Security Strategy & RoadmapSecurity Frameworks (NIST, CIS, CSF)Risk Management
768 views1 Upvote3 Comments
Sort By:
Oldest
Founder/Chairman/CTO in Telecommunication2 years ago
I view cybersecurity as an 80/20 problem overall. 80% of it is hygiene and things that we've seen before — things that we can automate, in cases where automation is a viable and economic solution. It’s within the remaining 20% that the bad stuff happens. So how do you address both at the same time? It's always been interesting to have this conversation in the context of Bugcrowd, because people assume that I'm all about humans coming in to solve everything. But that's not true.

There's always going to be a gap that's created by the innovation of the adversary, which only has human creativity and human adoption of process as its solution. But you should automate wherever you can. The companies that we work for weren't started just to fight Russia or China, so this is not our main game.
SVP in Finance (non-banking)2 years ago
I refer to my approach as brilliance and basics, and the latter is what's lacking. There are hundreds of NIST and CIS recommendations out there. But the reality is, you only need 20 basic things. If everyone did those 20 basic things, they would be way ahead of where they are today. The general challenge that I find is that people get caught in the minutiae of all the other recommendations without realizing that they haven't even locked the doors or closed the windows.
1 Reply
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Founder/Chairman/CTO in Telecommunication2 years ago

Exactly. It’s simple hygiene, just like making sure you wash your hands after you use the restroom.

Content you might like

Do you have any dedicated resources for vulnerability patching?

Threat & Vulnerability ManagementSecurity Strategy & RoadmapTeam & Organizational Design

Yes - one person46%

Yes - multiple people46%

No7%

View Results
3.1k views

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile DevicesSecurity+2 more
VP of IT in Retail3 days ago
My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more
82 views1 Comment

Any recommendations for a comprehensive GenAI learning platform?

EngineeringData & AnalyticsSecurity Strategy & Roadmap+4 more
IT Manager in Constructiona month ago
Hello,
the topic is so broad, what are you focused on?
Read More Comments
4.8k views2 Upvotes5 Comments

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes

Does anyone have information about Japan's ESPA (Economic Security Promotion Act) regulation and its applicability, and does anyone have any information on the consultants/assessors who can walk us through the process of complying? 

Peer InsightsSecurity Strategy & Roadmap
78 views