Wednesday, August 2, 2017

Mud and Wood houses

The report of the week

We call tales those stories about humanized animals that have a moral and didactic background. One of the most popular is the tale of ‘The Three Little Pigs’, in which the three main characters move to the forest and build their own homes: the first builds a thatch house, the second a wood house, and the last a brick house. Once the pigs are settled, the wolf sets out to eat them, easily bringing down the thatch and the wood houses. However, the tale’s villain can’t bring down the brick house, and ends up scalded when he tries to break in through the roof and falls into a boiling cauldron.

The tale aims to show children that obedience and security are much more important than playing with their friends. But tales also have a lot to teach those who are not so young, as Thycotic’s latest research shows.

The report, titled State of Cybersecurity Metrics Report, analyzes the key points of the Benchmark Security Measurement Index, which gathered survey results from more than 400 business and security executives around the world. Based on the ISO 27001 international standard as well as on the best practices of experts and associated professionals, the survey offers a way to determine how well an organization is measuring its effectiveness in computer security. According to the results, more than half of the respondents (58%) rated as ‘insufficient’ or ‘very insufficient’ their efforts to measure their cybersecurity investments and their performance against best practices.

“It is really amazing to have these results and to see how many people are failing at measuring the effectiveness of their security and their performance against good practices,” says Joe Carson, Thycotic’s Scientist Security Boss. This report aims to show the reality of what is truly happening so that companies can fix their mistakes and protect themselves.

With companies and government spending more than €100,000 million on cybersecurity, one out of three companies is making business decisions and buying technology to improve its cyber defenses blindly. But the most worrying thing is that more than 80% of the respondents did not include business users in decisions about cybersecurity purchases, nor have they established a steering committee to evaluate the business impact and the risks associated with cybersecurity investments. The report also yields other interesting results:

  • One out of three companies invests in cybersecurity without having a way of measuring its effectiveness.
  • Four out of five companies don’t know where to find their sensitive data or how to keep it safe.
  • Four out of five companies don’t communicate effectively with their investors or include them in decisions about cybersecurity investments.
  • Two out of three companies don’t properly measure whether their recovery after an incident will work according to plan.
  • Four out of five companies don’t measure the success of their investments in cybersecurity.
  • While 80% of security breaches are related to weak or stolen credentials, 60% of companies still don’t know how to protect their accounts properly (i.e. the keys to their kingdom).


“We are releasing this report not only to show the mistakes we are making, but also to educate those who need to improve in the areas in which they are weaker,” Carson concludes. “Our report offers recommendations associated with better ways to educate, protect, monitor and measure so that improvements can be applied.”

As we can see after reading Thycotic’s report, building a structure whose foundations are strengthened with mud instead of concrete will only result in the building falling down when an earthquake hits. We must measure the variables and check that what we are doing yields results. The risky game is to think you have finished your work and go off to ‘play’ without caring about your security, because any wolf can come along, blow, and bring your house down.
