Helen Keller, a famous American author, once said, “Security is a superstition. It does not exist in nature.” This quote refers to the security of the human mind; however, the same applies to cybersecurity. Recent security events like the SolarWinds and Accellion hacks are prime examples of loopholes in your security through a third-party service. You might have covered all your security bases, but what about others? Do the others in your business ecosystem have your back? Risk assessments, top-of-the-line cybersecurity products, or best-in-class cybersecurity practices are not enough today. While businesses agree that cybersecurity is constantly evolving, many continue to use legacy frameworks that are decades old (the Accellion hack is a good example of this) and then end up thinking, “We did all that we could to secure our periphery, but…”
“Why do security programs ultimately fail?”
The answer to this dilemma can be found in a strategic whitepaper published by a cybersecurity solutions firm, Praetorian.
The researchers at Praetorian often came across this anomaly when they tore down the defenses of their customers during Red Team exercises. They noticed that despite technical innovations, trained assets, and billions being invested in security, many businesses still struggle and ultimately fail to keep an attacker at bay. In their words, “Businesses end up losing their ‘Crown Jewels’ to the attacker, more often than not.”
Thus, to hold up a mirror to businesses and show them exactly where they are going wrong in the pursuit of becoming secure, Praetorian security engineers decided to share their expertise with the community through a whitepaper titled “The Elephant in the Room: Why Security Programs Fail”.
The whitepaper is the outcome of three years of innumerable client discussions and meticulous research by Praetorian’s security engineers. It addresses common myths and some burning questions, such as how and why many security programs spend too much time and money on things that do not appreciably reduce their business risks. The document is written to guide those responsible for setting security strategy and to help them understand the common root causes of strategic failure in security programs. This will in turn help them take corrective steps to evolve into a more effective, risk-informed security program. Here are some of the key highlights covered in the whitepaper:
- Factors leading to the misdirection of security programs.
- Misapplication of frameworks.
- The disturbance caused by compliance.
- Tenets of designing effective security programs.
- The economics of security effectiveness.
Let’s address the “Elephant in the Room” by downloading the whitepaper here.