Don't overlook preventive measures, expert warns

Related Links

Looking for trouble

Patrick McBride, chief technology officer and co-founder of META Security Group, thinks the government and industry are in danger of missing the forest for the trees if a cybersecurity early warning system focuses only on potential threats.

"Knowing a threat could be coming is important," he said, "But it's much more important for organizations to prioritize fixes and patches for vulnerabilities" beforehand.

People continually overspend on security threats and underspend on vulnerability assessments and patching, he said. So, if a public/private system is eventually built, sharing data on vulnerabilities could prove far more important than sharing information on threats.

"Assuming I know about vulnerabilities in my systems and have the information available to fix them," McBride said, "then there's an added value on the threat side where I can link those threats more precisely to the kinds of vulnerabilities they can exploit and fix the most important systems first."

In the end, he said, fixing vulnerabilities is where people will always get "the best bang for the buck."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.