Security News > 2021 > November > It’s about the survival of the fittest – CISOs must be brave enough to throw away their security playbook, or suffer the consequences
This holds true as attackers become more organised - constantly tweaking threat vectors, studying widely-used security playbooks, or testing their attacks against ancient security tools like IDPS. By relying on signatures to detect known threats and following the same old approaches, you're always going to be caught out by modern attackers, who already have the tools to bypass these dated defenses.
I still see 90% of CISOs today are "Playing it safe", clinging to old playbooks and legacy tools like IDPS. Perhaps it ticks a box for them by filling a control gap, or maybe the board is tired of security asking for new products, or these tools are just seen as "Tried and tested." The inconvenient truth is that we can't sit on our laurels in security, or we'll be completely exposed to attacks like Sunburst and Colonial Pipeline.
The old ways aren't working, so CISOs must be brave, throwing their playbook aside and stripping out dead weight.
The landscape has changed, and we need a new threat-led security model that puts the security posture of data first.
To get the buy-in needed for threat-led security, you must separate the wheat from the chaff.
This means replacing legacy tools with solutions that fit better with data-centric security models to give you better value for money overall.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/11/25/vectra_masked_ciso_series/