The Secret to Good Cyber Security

The world has spent untold billions of dollars on cyber security technologies and services. Despite this spending, cyber breaches continue. They’re getting bigger and badder. Does any of this spending do any good? Possibly, but it’s probably not giving you the benefit you think you’re getting. In fact, you probably want to first look at something else entirely. It’s a secret not many people know, but hopefully one which will get more widespread focus.

Strong cyber security is impossible to attain directly. The simple reason why is because cyber security has been, and always will be, a byproduct. It’s the result that happens when your organization has implemented strong technology governance. Attacking the security problem directly without addressing the underlying foundation won’t get you very far. Good endpoint software won’t help much if your asset management processes are broken. Hence, breaches continue to occur despite all of these billions of dollars being spent.

As an example, the big news this week is that Department of Homeland Security (DHS) just released an alert about the BlueKeep vulnerability. DHS has been successful in using exploit code to compromise Windows 2000. Really? It would be interesting to know how much money DHS spent on this. If you’re still running Windows 2000 in your enterprise, you have some bigger problems than BlueKeep. In the alert, DHS makes the same recommendations they always do. Patch your systems, use supported operating systems, only allow needed services through your firewall, etc.

Looking at the DHS alert on BlueKeep, however, illustrates the main point here on how to achieve good cyber security. The mitigations and recommendations which DHS provides are the same for this vulnerability as they are for many, if not most, of all of the other vulnerabilities out there. Guess what? They all come back to good technology governance. You know, the basics.