Five Cybersecurity Memes and What They Say About Cybersecurity Today

Author: Naomi Buckwalter, CISSP, CISM, Director of Information Security & Privacy, Energage
Date Published: 26 May 2022

Cybersecurity memes on social media are often good for a laugh, but several of the more popular ones have gained resonance with security professionals for a reason – they often speak to true (and painful) industry realities. Here are five cybersecurity memes that have made the rounds on social media recently – and reasons why you might want to pause your scrolling to give their deeper meaning some thought:

1. “Hide the Pain Harold”
How many security tools are in your company’s security tech stack? Are all the tools used to their full potential? Do you have enough people on your team to run the tools that you purchased? If you answered “No” to any of these questions, you’re not alone. It is estimated that up to a third of security software purchased sits on the shelf, never used, and this trend doesn’t seem to be changing anytime soon. Remember that you can’t “automate” security with a tool. You will always need time, resources and organizational support to configure, manage and optimize every new tool that you buy. Don’t fall into the trap of wasting money on security tools that you’ll never use.

Meme - Spent $100K on a new security tool - just realized team is too busy to use it.

2. “Drowning High Five”
When a major breach or security incident happens, what do we do as a community? In my experience, we very happily throw each other under the bus, pointing fingers and shaming the victim for not doing enough to prevent the breach. But here’s the thing. Every company that has a major security breach also has a security team, and that security team is protecting and defending to the best of its ability, just like the rest of us. Breaches happen to even the very best security teams. So instead of pointing fingers and victim shaming, we should be offering support, advice and guidance. We should want response teams to get through the incident as quickly and smoothly as possible. After all, who knows? Maybe one day, it’ll be your company that needs the help, and you’ll want the community on your side, not against you.

Meme - Drowning High Five

3. “See, Nobody Cares”
It can sometimes seem as if we exist inside an echo chamber when it comes to “infosec drama”; no one outside of infosec cares about zero days, critical vulnerabilities or massive security breaches quite like we do. Of course, there are many reasons for this, including breach fatigue, but in my opinion, our community does not reach outside of our “infosec bubble” very often. We don’t win hearts and minds for security, we don’t make allies and friends, and we certainly don’t help others, especially those in business, fully understand that security is a shared responsibility. I personally believe this is why we continue to have breaches – security is unable to make security a concern for anyone besides ourselves. If we want to change this, we must start by changing the way we work with others, and reach across the aisle with a healthy dose of empathy, humility and respect.

Meme - Hey everyone! There's some infosec drama going on over there! See! Nobody cares.

4. “Distracted Boyfriend”
With an estimated 6,000 cybersecurity vendors out there in the world, the information security community is often so distracted by “shiny” things – IDS/IPS, WAF, SIEM, EDR/XDR, etc. – that we tend to forget to work on the basics and fundamentals of our profession, like patching, enforcing strong passwords and multifactor authentication, and user awareness.

According to the recently published Data Breach Investigations Report by Verizon, social engineering (phishing) ranks as the top root cause of a data breach; the more advanced attacks, such as remote access trojan (RAT) attacks, rank at the bottom! Your company is much more likely to get breached due to social engineering than a zero-day attack. Yet we buy shiny objects to prevent the complex attacks, not understanding that the real threat is right in front of our faces. Our priorities are all wrong! We need to spend more time doing the basics because that’s where the threat is.

Meme - Distracted Boyfriend

5. “Bike Stick in Wheel”
There are thousands upon thousands of unfilled cybersecurity jobs in the United States and millions of unfilled jobs around the world. According to ISACA’s 2022 State of Cybersecurity report, close to 70 percent of cybersecurity professionals feel that their teams are understaffed. Because more than 85 percent of job openings are for mid- to senior-level positions, there simply aren’t enough qualified candidates out there for us to hire. So, what do we do? Instead of growing a security workforce from the ground up, we poach people away from other security teams! We need more people in cybersecurity, and we need them now. Because the entry-level people that we hire and train today become the senior-level professionals that we need fighting our battles tomorrow.

Meme - Bike Stick in Wheel
