As a security practitioner, you have probably heard the term “low-hanging fruit.” While it can refer to the areas of your security strategy that cover the “basics,” it is also commonly used to describe the areas that online miscreants attack to infiltrate an organization’s network. To navigate today’s threat landscape, good cyber hygiene is essential, but many security practitioners still leave gaps in these basics.
According to Tripwire’s recent State of Cyber Hygiene report, visibility into the environment is still a challenge for the 306 IT security professionals surveyed in the study. Once they’re on a network, attackers can work swiftly to launch an attack; however, 57 percent of respondents indicated that it could take “hours, weeks, months or longer” to detect new devices on the organization’s network. Businesses may acknowledge that covering the basics is important, but they still have difficulty doing so, says Tim Erlin, vice president of product strategy and management at Tripwire.
“There’s a well known saying that ‘You can’t protect what you don’t know about,’” Erlin told InfoSec Insider during an interview shot at the Black Hat Conference in Las Vegas. “Asset inventory, both for devices and software, is a key component. It’s one of the foundational controls that the Center for Internet Security has put out. It’s certainly a basic, [yet] there are certainly gaps there.”
In the full video interview below, Erlin shares some of the significant statistics to come out of the study and highlights the areas that security practitioners are failing to cover when it comes to securing the business.