Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?
Apr 13, 2023
auto_awesome
Guests: David Spark, producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. The podcast explores who is at fault when breaches occur, the tool or the administrators who configure it. It discusses the relationship between complexity and security breaches, the value of specialization in building point solutions, the impact of misconfiguration in data breaches, misaligned expectations in cybersecurity products, reasons for breaches, and the importance of implementing security measures.
Breaches occur due to a combination of ineffective security tools and misconfigured or ignored controls.
Proper configuration and ongoing maintenance of security controls are essential to prevent breaches.
Deep dives
Security tools can fail due to ineffectiveness or misconfiguration
The podcast episode discusses the common reasons behind security breaches and who is at fault when security controls fail. The question is raised whether breaches occur due to the ineffectiveness of security tools or because they were misconfigured or ignored by administrators. The discussion explores different perspectives and experiences regarding this issue. The consensus is that it is often a combination of both factors. Security controls may not be fully effective, but they can also be misconfigured or not properly implemented, leading to breaches. It is emphasized that security is a complex and multidisciplinary field, requiring collaboration and communication between multiple stakeholders. Additionally, it is suggested that clear communication, training, and a focus on specific objectives are key to successful security implementations.
Misconfigured controls and lack of maintenance contribute to breaches
The episode highlights the importance of proper configuration and ongoing maintenance of security controls. It is noted that controls are often put in place but not sufficiently sustained or regularly verified to ensure they are functioning as intended. Poor control design, lack of implementation, and insufficient maintenance are seen as contributing factors to breaches. The importance of understanding control objectives and effectively communicating the desired outcomes to stakeholders is emphasized. It is also pointed out that vendors should be transparent and honest about the capabilities and limitations of their products, while organizations should focus on building well-thought-out plans and maintaining clarity on control objectives.
Balancing simplicity and efficacy in security products
The discussion delves into the challenges of balancing simplicity and effectiveness in security products. It is mentioned that vendors often try to offer a wide range of functionalities in their products, leading to complexity and difficulties in understanding their outcomes. Participants highlight the value of focused point solutions that excel in specific areas rather than attempting to address all security needs. The importance of clear communication, training, and ongoing innovation is stressed. The need for vendors to listen to customer feedback and prioritize solving specific problems is also mentioned.
Importance of clear communication and understanding control objectives
The episode underscores the significance of clear communication and a shared understanding of control objectives in effective security measures. It is suggested that misalignment of expectations between vendors and buyers can contribute to implementation failures. The importance of proper training, communication, and testing is highlighted, along with the need for vendors to accurately explain the functionality and expected outcomes of their products. Ensuring that control objectives are well-defined and comprehensively understood by all stakeholders is seen as crucial for successful security implementations.
All links and images for this episode can be found on CISO Series.
Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool?
Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.
In this episode:
Why do security tools fail?
Who's at fault, the tool or the administrators who configured the tool?
Is it usually because the control is ineffective or was the control misconfigured / ignored?
Do InfoSec produts have an efficacy issue or an implementation issue?
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
