NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Threat and Exposure Research

Reemerging from the Flood

Some of you probably wondered where the NopSec crew and I ended up these days….already tired for blog writing?

Not quite.

Most of people at NopSec live between Manhattan and Brooklyn. And most of the people at NopSec even though safe and sound suffered inconveniences and damages from hurricane Sandy. As far as I am concerned most of the trees in the garden where I live in the East Village were downed during the storm, many flooded garages and basements, for at least tree days I did not have power and running water. That makes it hard to keep wired with the business even for the most motivated person. All around from 33rd Street all the way down to Battery Park there is still no power in most of the buildings. Last night I needed to go to eat at a restaurant in midtown due to lack of power. Looking download from midtown it seemed to enter the oblivion….dark and ominous!

While walking home and stopping by any available Starbucks to recharge my phone, I could not stop thinking about the big talks preceding this hurricane in regards to the City of New York’s emergency preparedness and the massive failure to restore power and running water for most part of the lower side of the city.

In this regard, this situation reminded me our everyday work as security professionals securing our organizations. Sometimes in our security programs we focus on big budget, high-visibility security control ticket items, such DLP, SIEM, NAC, + insert any other acronym here. We often forget, like the City of New York forgot in this circumstance, to take care of most basic measures to secure our organizations which do not break the bank, such as data classification, an appropriate vulnerability management and remediation program, fixing “low handing fruit vulnerabilities” such as default passwords, exposed files, and indexable web directories.

Obviously for the City a state of the art emergency communication system costed millions of dollars but did not allow to restore basic needs such power and running water in a timely fashion.

In the same way, the security ” big ticket items” do not make the difference….discovering and fixing one vulnerability at the time does.

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.