So, what should organizations' security look like?It makes a lot more sense for organizations to ditch all of the unused, misconfigured security solutions. Instead, they should spend their money on a single tool and dedicate their resources to getting it working properly, so that they can extract tangible evidence. They can then use those findings to assign teams who can deal with a security process at hand and make measured changes according to their employers’ evolving business needs. Think of all of the pain and suffering an approach like this could spare an organization! Indeed, when you think about leveraging underused or misconfigured tools, it’s most often the case that an organization isn’t doing what they’re supposed to be doing. Such negligence (when exposed) commonly results in someone getting into trouble. For instance, C-Suite executives could single out a team, a manager or employee and blame them for the whole incident. In the context of GDPR, the ramifications could be even more serious. An organization could incur serious penalties that could limit its ability to conduct business going forward. By contrast, the act of embracing a single solution and using it to assign teams creates more accountability for everyone in the organization. More accountability means fewer opportunities for people to renege on their individual responsibilities and more chances for employees to support one another in the context of the organization’s digital security culture. This is what happens when there is less confusion and not so many security tools deployed. Of course, not any security solution will do. Organizations need one that specifically focuses in on foundational controls like asset discovery, vulnerability management and secure configuration management. Travis Smith, principal security researcher at Tripwire, tells us why it’s important that such a solution should focus on these basic security measures:
Those are some impressive numbers! Clearly, it’s in organizations’ best interest to find a solution that integrates as many of these security controls as possible. Learn how Tripwire covers 14 of those top 20 controls.
"Foundational controls really do work. Just implementing the first five controls can prevent 85% of the most common cyber attacks. Implementing all 20 controls will prevent 97% of the most common cyber attacks, all by following guidelines that are at your disposal."