David Sheidlower, Vice President, Chief Information Security & Privacy Officer at Turner Construction
David Sheidlower, Vice President, Chief Information Security & Privacy Officer at Turner ConstructionIt really does keep happening. Public and private security organizations insist that timely patching is essential to preventing cyber attacks. And yet, we still hear regularly of organizations attacked by a hacker exploiting a vulnerability for which a patch existed days, if not weeks, before the attack.
How can we change this? More robust vulnerability management is one answer. Automated tools are certainly another. But I would also argue that as security practitioners, we need to advocate for a dramatic shift in how IT sees a system that is not up on its patches. Too often, IT treats vulnerability management as something they do to support security requirements. We need them to see an unpatched system as broken. Because ‘break fix’ is a process they have already built into their sense of mission.
I’ll illustrate this with a car analogy. Imagine a fairly new…
