From my experience: if any organization is satisfied with its cybersecurity posture, that's a valid sign that this company will be hacked soon. And you can see it in publicly available cases:

- Pavel Durov, CEO of Telegram, to Tucker Carlson: (free citation) "Cybersecurity is not that important, just ignore the threats". Same month - Remote Code Execution in Telegram client because of developer's typo.
- Mykhailo Fedorov, Minister of Digital Transformation in Ukraine: "The role of cybersecurity is slightly overrated". This was said publicly in Dec 2019. In around six months, in June 2020, the digital signing mechanism was broken ("Case of Ryaboshapka # 2"). Nuff said cyber breaches had mushroomed in Ukraine after Feb 2022. I'm proud of my clients who still stay strong. But, I digress.
- WhatsApp: "We are secure by design". How about RCEs in video calls, particularly CVE-2019-3568, which was actively exploited in the wild? WhatsApp probably tried to say that they are private by design, but privacy and security are completely different ideas.

We can never be satisfied with the results in cybersecurity, because cybersecurity is always process-oriented in its nature.

#cybersecurity #hacking #penetrationtesting #appsec #devops #cyber #infosec
Makes sense!
Cyber Security Senior Manager, Lead, Digital Manufacturing Resilience
Makes sense. However, speaking from experience, if the company I’m working for accepts the risk with all the facts given, who are we as cybersecurity professionals to dictate otherwise? I just have to accept they understand the risks and go about my day. If they get hacked because of a risk that was warned about, then so be it. This might come off as unpopular. Cybersecurity isn’t the main player in the vast majority of businesses. It’s only a component of said business.