“Ticking the compliance box”
While companies are wising up to cyber security protection, it is still not as popular as some may think.
What is the biggest issue with just “ticking the pen test box” and not solving the glaring issue afterwards?
The answer is people – those people are often management and higher. This is the problem we all face in this industry.
The recurring theme in every instance is the same: people don’t plan to fail, they fail to plan. They don’t take the repercussions seriously enough, because it’s easier for them to go and start another company as a serial CEO than it is for the average IT Manager to get a new job after a breach. The penalties for executives and management who fail to take action are not stiff enough.
The CEO who leaves the company iPad or MBP on the plane or in a cab in New York.
The office manager who opens every ransomware-infected email attachment and signs into every phishing site hoping to win that Tesco gift certificate.
The marketing department that creates enough online shadow IT service accounts to choke a Mailchimp and never once asks for IT approval or assistance until something is broken, doesn’t work, or has been hacked.
The devs, the lovely devs, without whom the CEO would have no product. Oh, the devs. The network you spent a lifetime learning to protect is your fortress of defense.
The devs create an application that runs on your servers and allows members to upload files with any extension they like, or that fails to expire cookies. The devs who create XSS and CSRF vulnerabilities very well. These people. We must protect. These are our issues.
From aviation to manufacturing processes, with cyber security in between, human error spares no one.
This is why we have partnered with a company whose solution accepts that human error will always be present. That solution is deception: deceiving malicious attempts to cause chaos on your IT network. So go ahead and click that link; nothing will happen.