“Even if an organization is compromised by a zero-day attack, the lateral movement, registry manipulation, network communications, and so on, will be apparent to a mature cybersecurity practitioner and program.”
Marcus J. Carey is a cybersecurity community advocate and startup founder with more than 25 years of protecting government and commercial sensitive data. He started his cybersecurity career in U.S. Navy cryptology with further service in the National Security Agency (NSA).
If there is one myth that you could debunk incybersecurity, what would it be?
The biggest myth that I hear is how attackers are always changing up their tactics. While it is true that new exploits come out over time, the initial exploit is just the tip of the iceberg when it comes to attacker movement on a system or network.
Even if an organization is compromised by a zero-day attack, the lateral movement, registry manipulation, network communications, and so on, will be apparent to a mature cybersecurity practitioner and program. So, their tactics don’t really change a lot.
What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurityposture?
The easiest thing an organization can do to prevent massive compromise is to limit administrative accounts on ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
