After 20 years, we’re still talking about patching. How is that possible?
Recently on The CyberCall, a weekly MSP cybersecurity podcast, we discussed common threats and breaches. An Incident Response (IR) expert said that the majority of the breaches relate back to something being unpatched. We are talking patching!
Here’s my take. At the end of the day, asset inventory and patch management need to be the foundation of your approach to security. Don’t spend another $10 to $20 per seat on a bunch of security tools unless you have your foundation (again, asset inventory and patch management) in place. And I’m not the only one who feels this way.
Jon Murchison, the CEO of Blackpoint Cyber, a technology-focused cyber security company headquartered in Maryland, agrees with me. His theory is this: less is more when it comes to the security stack and controls. For example, understanding threat actors and the very common tactics they use will get you to the right approach. Upgrading to advanced antivirus (AV) and endpoint detection and response (EDR) (which threat actors can socially engineer around) without doing the basics doesn’t move your security posture forward.
Implementing the basics to prevent cyberattacks doesn’t have to be challenging, especially when there are resources out there to help you along, such as the Center for Internet Security (CIS) implementation groups. But, while your implementation groups cover all the right bases, don’t spend too much time on steps three through ten until you have a repeatable, disciplined process around steps one and two.