via pluginvulnerabilities.com => original post link
Last week Bloomberg’s Katrina Manson covered a recommendation from the US Cybersecurity and Infrastructure Security Agency that urged companies to automate threat testing. The story touched on one of the realities of the poor state of security that doesn’t get much attention, the current method of threat testing is both much more expensive than it needs to be and not very effective. The story mentioned a chief information security officer of a company that changed course after a ransomware attack two years ago that found that changing had this impact:
the price was cheaper than employing so-called penetration testers, who do similar work but less regularly and effectively [Read more]