The paradox of security is we pretty much know what we are supposed to do most of the time — but we don’t do it. If you examine all the recent high profile attacks, somebody in the organization knew something was wrong before it happened. They just didn’t have the ability to escalate the problem, or the ability to raise a flag that people took seriously.
The lack of foundational security hygiene is what makes companies vulnerable to relatively mundane attacks, which are far more likely to hit your company than some sophisticated nation-state mounted attack. “There’s this misconception that we can’t defend against these attacks because we can’t deal with the sophistication of the attackers,” says Tanium CTO Orion Hindawi. “In turns out, we should just be doing the good hygiene we’ve all been trying to do for the last 20 years.” In this segment of the a16z Podcast, Hindawi shares how to get your security hygiene right — not just from a technical perspective, but from a cultural one as well.