Why is your organization’s security failing?
On this episode of Life of a CISO, Dr. Eric Cole answers the question: Why is my security failing?
Breaches, whether your organization is large or small, are almost an inevitable part of cybersecurity.
That’s why it’s not enough to use technology that prevents attacks, you must detect them.
By prioritizing detection and categorization of threats it allows you to better respond and track the breaches that are going to happen.
Join Dr. Cole to learn why your security is failing and how you can change your mindset to fix it.
In this episode:
- 0:21 Bake your pie
- 0:51 Marie Callender’s story
- 1:51 She was a busy single mom
- 2:16 What if she didn’t bake that pie?
- 4:01 This is what happens when you bake one pie
- 4:58 What is your purpose, what is your “pie?”
- 6:34 Join me on a mission to make cyberspace safe
- 8:49 You have one life, enjoy it
- 9:14 Why is security failing?
- 11:12 I’ve never worked on an incident where they were aware of a vulnerability
- 12:46 You can’t patch a server you don’t know about
- 14:10 I start with external IP addresses
- 15:10 Configuration management
- 16:43 Rule of 90%
- 19:58 How did the adversary get in?
- 23:19 The hotel analogy
- 25:28 We put all of our energy into prevention, not detection
- 27:11 If you generate 1,000 alerts and can only respond to 200, it’s a failed solution
- 29:11 Review: 100% patching for critical systems, data must be encrypted with separate keys, prevention is ideal, detection is a must