Hacker News

> "Move fast and break things" just isn't going to cut it anymore.

Yes, the cutting edge can cut both ways. But alas, it is kinda needed in IT security. So easy for a security update to come out, yet the process in some companies rightly dictates that it is tested so that the update does not break anything else. So you get a delay. So even then, that small window could see that security issue exploited and the powers that be will see you didn't apply the update instantly and you're lambasted - even for following best practices and going by the book of testing. After all, any update could have an impact upon the applications and infrastructure in ways above and beyond the issue the update is addressing. We have all encountered such issues as well.

So the phrase "move fast and break things" has a younger brother now: "move slow and be broken".

Be nice if the powers that be (Governments) proactively audited companies' IT security proactively instead of being event driven - after the horse has always bolted. I would love to see companies fined for security issues before such security issues are exploited and abused. After all, the customer always pays. Until that happens, the same mentalities in how security is treated as a priority will carry on playing out. But the other old IT saying of "if it works, don't touch it", whilst true, equally is the source of so many security issues that it just cannot carry on being leaned upon.


