"Up to Date" isn't the same as "Knowledgeable"

Eugene Spafford has a warning for us in his latest entry that I thought worth remembering:

Generally, hackers who specialize in the latest attacks dismiss anyone not versed in their tools as ignorant, so I have heard this kind of criticism before. It is still the case that the "elite" hackers who specialize in the latest penetration tools think that they are the most informed about all things security. Sadly, some decision-makers believe this too, much to their later regret, usually because they depend on penetration analysis as their primary security mechanism.

In many ways, I worry that mechanisms like RSS & twitter and the associated behaviour help us to be up to date, but not knowledgeable, and that the implied arrogance of being up to date stops us from realising it.

Monday, December 14. 2009
Posted by Dominic White in Security
Comment (1) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

#1 Allen Baranov wrote (Link) (Reply)
Posted on Monday, December 14. 2009

Good point. Especially since Verizon Business's Breach Report (my bible) reports that the number of zero-days that have been used to successfully breach a customer of theirs is basically none. Most breaches are achieved with patches that are more than 6 months old. While cutting-edge (NAC, DLP, etc) is always more fun, managing the basics is more important (firewall, patching, awareness, anti-virus).

Add Comment

Name
Email
Homepage
In reply to
Comment
	Remember Information? Subscribe to this entry