Heuristic Security

No organization is immune

If you don't take care of the fundamentals, don't be surprised when you fail

Michael Lines
Dec 16, 2021
PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.

PwC, as reported by Brian Krebs, conducted a great post-mortem analysis of the ransomware attack on Ireland's public health system. It highlights two persistent failures that I see consistently. For all the harping on Log4j (the latest disaster that highlights how unprepared most organizations are to deal with security), until these issues are addressed, breaches will just continue to increase in frequency and severity.

First, failure to take security seriously, as demonstrated by the lack of dedicated security leadership and focus. “The HSE assessed its cybersecurity maturity rating as low,” PWC wrote. “For example, they do not have a CISO or a Security Operations Center established.”

Second, the failure of a compliance-based, rather than risk-based, approach to security. "A common refrain I heard from those interviewed was that if it was security-related but didn’t have to do with compliance, there probably wasn’t much chance it would get any budget."

Pay now, or pay much more later. Business leaders need to learn the lessons from these constant failures and respond appropriately (this does not include burying your head in the sand and saying it won't happen to us).
