A lot of respect and appreciation is due to today’s medical staff, there’s no doubt. But I would argue that we owe just as much to the cybersecurity teams keeping our businesses, economy, and in a sense, our livelihood, protected.
I call them Corporate Patriots™ - and they deserve our appreciation, gratitude, and respect during these hard times. The CISO’s role is one of the most difficult ones in the world. It’s a job for survivors.
During these pandemic days, the gap between the CISOs’ tasks and the means they have to perform them is reaching an all-time high. More attacks and more attack surfaces, with less budget and less staff. When you pile on the WFH challenges, I believe we can agree that this Cybertoon is actually an understatement of their realities.
Having read the Equifax Data Breach Congress Report from December 2018, one can see that the alleged Chinese attackers did not need to work very hard. All they did was take advantage of a few expired security certificates and unpatched Apache Struts software, and use a few web shells that led into additional databases.
Before you even ask, the answer is yes, it could have been prevented. If only there was an effective way to continually pen-test the entire network and point to these non-critical vulnerabilities that can lead to a disastrous breach. Well, now there is - automated penetration testing. And it is here to stay.
We all agree that we need more PT. Pentesting is the only proven way to emulate a real attack and test all your cyber-defenses as a whole. However, there are many drawbacks that make it difficult to scale this highly demanded service and have it done at a much higher frequency than the typical annual ceremony.
While more and more cybersecurity jobs remain unfilled and the learning curve to become an experienced pen-tester becomes even steeper, the silver lining remains in the domain of software and automation. It’s time for automated penetration testing platforms!