Don't overlook preventive measures, expert warns

Related Links

Looking for trouble

Patrick McBride, chief technology officer and co-founder of META Security Group, thinks the government and industry are in danger of missing the forest for the trees if a cybersecurity early warning system focuses only on potential threats.

"Knowing a threat could be coming is important," he said, "But it's much more important for organizations to prioritize fixes and patches for vulnerabilities" beforehand.

People continually overspend on security threats and underspend on vulnerability assessments and patching, he said. So, if a public/private system is eventually built, sharing data on vulnerabilities could prove far more important than sharing information on threats.

"Assuming I know about vulnerabilities in my systems and have the information available to fix them," McBride said, "then there's an added value on the threat side where I can link those threats more precisely to the kinds of vulnerabilities they can exploit and fix the most important systems first."

In the end, he said, fixing vulnerabilities is where people will always get "the best bang for the buck."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above