New guidance on Zero Trust model, AI-powered password-cracking tool, and SMB security spending trends

My quiet around security couldn’t last long.

First, from NextGov. The Cybersecurity and Infrastructure Security Agency published updated guidance for its Zero Trust Maturity Model on Tuesday, more than a year after the nation’s cyber defense agency issued an initial set of best practices and guidelines to evaluate security capabilities and identify areas for improvement. Changes included the addition of the “Initial” maturity stage within the model, which accounts for the second stage of an agency’s zero trust adoption process and includes steps like “starting automation of attribute assignment and configuration of lifecycles, policy decisions, and enforcement,” as well as others.

Cybersecurity firm Home Security Heroes put an AI-powered password-cracking tool called PassGAN to the test against 15m+ passwords.

  • It cracked 51% of them in under a minute.
  • It had worked out 81% of the list by month’s end.

And this whole space? TechAisle’s new research shows that the SMB and Midmarket spend on IT security will likely be US$84.2 B in 2023, an increase of 9.6% from 2022. IT security is the 2nd top priority for SMBs and 1st priority for core midmarket and upper midmarket firms. Between 55% and 54% of firms consider preventing cyberattacks a priority.

Interestingly, that’s somewhat in conflict with data reported in Axios. A CNBC survey released in the fall of 2021 found that 56% of small-business owners were not concerned about being the victim of a hack in the next 12 months. Additionally, 59% said they could quickly resolve a cyberattack, and 42% had no plan for responding to an attack.

So I’ve noted the continuation of the trend – Guardz (that’s with a Zee) launched a security platform that includes cyber insurance coverage and automated remediation plans.

Why do we care?

I’m most interested in the Zero Trust guidance, particularly as including an initial stage allows for an easier on-ramp for small organizations. That rings true to where I want us to spend our attention.

I also wanted to highlight this perception gap between those “in” our space and those “outside.” Every channel type constantly talks about security as the biggest thing… yet when I step outside that bubble, that isn’t what I hear. That disconnect is why I remain convinced that, while necessary, security can’t be the whole story and likely not the lead. In my good, better, best model, it just can’t get out of being an expense and living just in the good.