Reply to post: Re: Selling insurance against breakins seems insane

Insurance companies now telling you what tech to buy with um-missable price signals

Anonymous Coward

Re: Selling insurance against breakins seems insane

> worthless (like keeping current on patches)

Whilst some outdated security practices are worthless - like password complexity tests plus repeated password changes - keeping current on patches is definitely not.

If your OS or applications have known holes, they *are* going to get exploited sooner or later.

> One employee getting phished can let an attacker inside and all your perimeter defenses are worthless

That's really just saying "perimeter defenses are worthless", which is indeed true.

See Google's "BeyondCorp" paper for a better way of doing it. Basically: don't trust anything inside the network any more than you trust the outside. All apps must validate both the device and the end user (or sit behind a proxy which does that). And all devices must prove they have been locked down and are fully patched.
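As an added illustration (not part of the comment above and not Google's code), here is a sketch of the access decision such a proxy would make: device and user are both checked, and the source address never contributes to trust. The field names, the 30-day patch threshold and the ACL entries are assumptions made up for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

MAX_PATCH_AGE = timedelta(days=30)  # assumed policy threshold

@dataclass(frozen=True)
class Device:
    device_id: str
    cert_valid: bool       # device certificate matched the inventory record
    disk_encrypted: bool
    screen_lock: bool
    last_patched: date

@dataclass(frozen=True)
class Request:
    source_ip: str         # kept for logging only, never used for trust
    user: Optional[str]    # identity asserted by SSO, None if unauthenticated
    mfa_passed: bool
    device: Optional[Device]
    app: str

# Constructed sample ACL: which users may reach which application
APP_ACL = {"payroll": {"alice"}, "wiki": {"alice", "bob"}}

def decide(req: Request, today: date) -> Tuple[bool, str]:
    """Return (allowed, reason). Network location is not an input."""
    d = req.device
    if d is None or not d.cert_valid:
        return False, "unknown or unverified device"
    if not (d.disk_encrypted and d.screen_lock):
        return False, "device not locked down"
    if today - d.last_patched > MAX_PATCH_AGE:
        return False, "device patches out of date"
    if req.user is None or not req.mfa_passed:
        return False, "user not authenticated"
    if req.user not in APP_ACL.get(req.app, set()):
        return False, "user not authorised for app"
    return True, "ok"
```

A request from an internal address on a stale device is refused, while the same user on a compliant device is admitted from any address.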


Biting the hand that feeds IT © 1998–2019