Don't overlook preventive measures, expert warns

Related Links

Looking for trouble

Patrick McBride, chief technology officer and co-founder of META Security Group, thinks the government and industry are in danger of missing the forest for the trees if a cybersecurity early warning system focuses only on potential threats.

"Knowing a threat could be coming is important," he said, "But it's much more important for organizations to prioritize fixes and patches for vulnerabilities" beforehand.

People continually overspend on security threats and underspend on vulnerability assessments and patching, he said. So, if a public/private system is eventually built, sharing data on vulnerabilities could prove far more important than sharing information on threats.

"Assuming I know about vulnerabilities in my systems and have the information available to fix them," McBride said, "then there's an added value on the threat side where I can link those threats more precisely to the kinds of vulnerabilities they can exploit and fix the most important systems first."

In the end, he said, fixing vulnerabilities is where people will always get "the best bang for the buck."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected