Cybersecurity is not a technical issue. It’s a managerial problem that requires a new approach to risk management.
Imagine going down a river in a rowboat. Water seeps in, and you cannot see below the waterline — or, as it’s called in cyberese, the attack surface. While on the river, you bail the water out, and upon arriving back onshore you patch the most obvious holes. The very next day, you purchase a new product that ensures the bottom of your boat is absolutely water resistant. Now, feeling highly confident that you solved yesterday’s problem, you take the rowboat out on the river again. This time, you go over a waterfall and wreck the boat.
To read the rest of the article, click here: