Back to the basics

If it needs a patch, then apply it. Yes, it’s that simple.

Cyber Tech recap

After a very successful Cyber Tech 2023 Conference, our participants came away with great information and many key thoughts and ideas to take back to their organizations. Just like technology and security, this conference has evolved through the years. It took many months of planning by a tireless group of TBA staff to put together the absolutely, without a doubt, best lineup of speakers and topics that I’ve been a part of — kudos to them. Additionally, a big shout out to the numerous sponsors we had, including several first-timers. We would not be able to have these events without their support. 

“On the Cyber Front” podcast

We posted some of our sessions  on the Texas Bankers ISAO website (www.texasbankers.com/tbisao), including the first ever “On the Cyberfront” podcast with my good friend and ISAO Sponsor, SEI Sphere’s Mark Norcini. Listen to the podcast if you want to learn more about SEO Poisoning.

Back to the Basics

It is kind of funny — or maybe ironic — how we start with a theme for these conferences and somehow afterwards we come away with something a little different. This year was no different. No rehearsals, no cue cards, no input from me on the direction we wanted to take the event. Just kind of let it flow. This year the theme turned out to be “Back to the Basics.” Almost every presenter made a reference to it at some point in their slide decks. So, what does it mean? 

As I mentioned earlier, the threat landscape continues to evolve and/or shift. It seems like we’re in this constant state of change — we have to change to stay on top. We need to change our game plan. We need to buy the latest widget to keep up with the hackers. Or do we? Are we chasing unicorns? I’ve fallen victim to this before. 

We find ourselves constantly looking for the missing piece to a very large puzzle. Does it really matter? If I can see the big picture, that one little piece is not going to change the outcome. Okay, I’m starting to philosophize a little so let me reel this back in. What I’m getting at is we need to find out what matters most for our business and get very good at it.

Vulnerability management

In the IT and security world, one of the “what matters most” topics is vulnerability management. Vulnerability management is a continuous, proactive and often automated process that keeps our systems, networks and applications safe from cyberattacks and data breaches. Yes, it’s that simple — if you don’t have a vulnerability management program, you better get one ASAP. 

Patch management

Same can be said for patch management. I don’t know how many of these attacks — seems like every one of them — are a result of poor- to non-existence patch management programs. If it needs a patch, then apply it. Yes, it’s that simple. And if your MSP is saying something different, get another MSP. They should be able to patch or find a compensating control. 

Asset management

Often overlooked for some reason is asset management. You can’t be secure if you don’t know where it’s at or what it’s doing. I’ve struggled with this one until I found a tool to help. The tools are out there — you just need to commit to being very good at asset management.

It all goes without saying  that security awareness is top if the list, but it should start at the top of your organization. It’s a shared responsibility by everyone. 

Please visit our ISAO at texasbankers.com/tbisao or send me an email at [email protected]. I love hearing from you.