Despite the accepted wisdom of the often-used quotation from Alphonse Karr ‘The more things change, the more they stay the same’, Alphonse obviously didn’t know much about cybersecurity.
Every single breach starts with a change, or the need for a change. Changes are both the enemy and the ally of cybersecurity, but in both cases, it is absolutely not the case that security is unaffected by change. Changes to IT systems are not just inevitable but near incessant in every organization: patches are routinely required to address vulnerabilities while business-as-usual improvements to IT services means that nothing stays still for long.
Every change made carries a risk of inadvertently weakening security, making it a ‘stick or twist’ gamble in the quest for improved IT. Even intentional changes serve to create ‘change noise’ that makes it easier for breach activity to hide in plain sight. Put simply, if you don’t know what and when is expected to change, how can you ever expect to expose tell-tale indicators of compromise?
Continue reading the Nice Quotes, But I Wouldn’t Take Cybersecurity Advice from Alphonse Karr article written by NNT CTO Mark Kedgley on InfoSecurity Magazine