Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing. It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:
- “Deficiencies, even in our security technologies, are an unfortunate fact of life,” says Shipley.
In nature, predators watch for young, weak, or isolated animals. So do attackers. So should you.
When scoping a security assessment or audit, always keep an eye out for the lone reed. In other words, take special note of the one item (process, account, device, etc.) that has the same function as others in its category or class, but is a bit different. That item often has weaknesses the others don’t have.