Cyber Security Management: Does It Work or Just Output Excuses?

September 23, 2022

It seems that cyber security is a bit of an issue at a number of organizations. Uber faces a teen and seems to say, “We’re a-okay.” A Chinese entity may have lost data about one billion people. If I poke around, I can find one or two examples of what seem to be cyber security challenges. Oh, sorry. Yes, one or two may be an understatement.

“Nearly a Third of Security Teams Lack a Management Platform for IT Secrets” suggests that there may be a problem with management. The write up states:

most security pros expect cyber attacks to intensify over the next year, some 32% surveyed lack a management platform for IT secrets, such as API keys, database passwords, and privileged credentials, posing significant security risks.

Does this mean that geared up outfits with layers of security, training programs for employees because phishing is a problem, and expensive real time flows of threat data about vectors with snappy names have a vulnerability?

Yes, some organizations have another cyber security issue with which to wrestle. Management of “information technology secrets” may pose a threat. More precisely, the management of passwords and other “IT secrets” is lacking. No kidding? Poor or ineffective management. Who would have guessed that work-from-home, quiet quitters, and basic safeguards were inadequate? Wow. Insight!

The article says:

While many surprisingly report feeling prepared for attacks, security leaders admit their tech stacks lack essential tools: Some 84% are concerned about the dangers of hard-coded credentials in source code, but 25% don’t have software to remove them. And, more than one-quarter of respondents (26%) say they lack a remote connection management capability that can secure remote access to IT infrastructure.

I think this means that after many PowerPoints, trade show presentations, and big buck mergers and acquisitions, bad actors have some vulnerabilities to exploit.

Is it time perchance to rethink cyber security and the management thereof?

Nah, security is a cost center. And most executives with whom I talk are reasonably confident that their personnel, advisors, and information technology professionals are Top Guns, flying juiced up cyber gear.

Okay, no problem. That’s why storing Microsoft Teams’ tokens in plain text is such a great idea.

Stephen E Arnold, September 22, 2022
