
Is the cybersecurity community’s obsession with compliance counter-productive?
2023-08-29 04:00

How many would determine that the best use of their resources would be to attain or retain compliance with a cybersecurity standard? And how many would deploy those compliance and auditing resources to patch more vulnerabilities, invest in additional cybersecurity expertise, tools to identify and reduce their external threat footprint, and myriad other effective measures to genuinely reduce their organization's cyber risk?

It's not as if dedication to compliance is any more of a guarantee against a breach than any other technology, strategy or prayer.

Show me a large enterprise that was breached and I'll show you a large enterprise adhering to multiple compliance standards.

Why do we continue to be obsessed with cybersecurity compliance, standards, frameworks, etc.?

Of course, no one loves compliance standards more than vendors, just like every barber in the world would celebrate a new law requiring everyone to get a haircut weekly.

The less obvious reason for our community's love for compliance is that it covers behinds.
