It’s essential that boards understand the organization’s cyber risks in order to successfully oversee overall company performance. CISOs and CSOs who can clearly convey cybersecurity to the board promotes better navigation of the organization in today’s uncertain cybersecurity world.
Ideally a penetration test should simulate a real world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
Network security practitioners often look to solve technical problems with technical solutions: “The engineers got us into this mess; they can get us out of it.”
Why are so many breaches continuing to occur without let up after several years of headlines? Are the attackers that smart, or are businesses not putting the proper focus on the problem?
Tell somebody that you’re planning to make a plan, and you’ll get some snide looks. But tell somebody that you have a good plan in place, and it instills a sense of preparation and confidence.