How To Break The Metrics Mirage in Vulnerability Management

Meet Jeff. He’s the CISO of a mid-sized financial services company – and it’s his job to keep the organization safe from security attacks.


Every week, he checks the graphs and dashboards in his SIEM (security information and event management) platform. He has set clear KPIs for where these metrics should be, and his team have worked hard to optimize them. He’s just gone over the regular reports and the results are good: over the last year, they’ve massively improved both the speed and responsiveness of vulnerability patching.


Jeff sits back and puts his feet up, satisfied with his work.


So he’s pretty surprised to get a call at 2am a few days later to find that their CRM has been hacked and the personal details of thousands of customers have been leaked.


So what happened?


Why You Need to Move Past the Metrics Mirage


The scenario we just described is every CISO’s worst nightmare. As far as attacks go, a data breach of sensitive customer data is about as bad as it gets. And despite all the hard work of his team, Jeff still found himself in the worst possible position. But why?


Here’s the reality: Jeff is a victim of the metrics mirage. The team has worked through a long list of known vulnerabilities at breakneck pace. But the problem is, they’re not all equally risky. In prioritizing speed and responsiveness above everything else, they’ve missed one key vulnerability that had the potential to bring down the entire IT infrastructure.


The hard work hasn’t paid off for one simple reason: T ..