In the United States, we are well into our fall and winter holidays. Many people started decorating for Halloween in September and Thanksgiving in October. In November we are ensconced in Christmas decorations, commercials and shopping specials. Last week we had Black Friday, a day for in-store bargain hunting. And now, here we are at Cyber Monday, a day where we are encouraged to shop online. We’re busy!
What does all of this holiday activity have to do with cybersecurity? Well, it occurs to me that a parallel can be drawn between this holiday season and cybersecurity. Namely, we can get caught up in bustle and forget to focus on our larger purpose. With regards to cybersecurity, that may mean that we lose sight of our organization’s mission and the risks to its mission. We can get caught up looking at the (Christmas) trees and miss seeing the forest.
The cybersecurity frenzy
How often are we, in the security industry, told from all kinds of government, commercial and other well-meaning sources to follow advice like:
“Patch every vulnerability with a CVSS score of 9 or greater in less than 5 days.”
“Ensure your applications are configured to be resilient against the…
