1. The whole Cybersecurity industry laments that if it just wasn't for the moron end users, everything would be elegantly secure. (They say like a mantra: "The End User is the Weakest Link in Cybersecurity")
2. Confidentiality, (Data) Integrity, and (System) Availability are the "Three tenets of Cybersecurity"
3. The National Institute of Standards (NIST) publishes A LOT of great Cybersecurity guidance and document templates to help a practitioner focus on things to secure and the policies and procedures that are 1/3 of the defensive battle.
4. MBAs, Owners, and CxOs HATE the Cybersecurity spend that is forced upon them by government regulations, insurance companies, etc. The majority take the frustration out on their underfunded Cybersecurity team.
5. You can't defend everything. The business must define the mission critical systems and prioritize the defense of them.
6. Nation states have infiltrated everything of interest and are sitting there watching each other.
7. Cryptographic algos are deemed secure until the precise time somebody figures out how to defeat it. Then the crypto community says: "mkay. Just run the same algo X more times on the same message and we should be good."
8. IF (when?) quantum computers work, the current crop of crypto algos are all hopelessly broken. The government is already planning for this to happen.
9. Hacker groups actually take a break to watch popular sporting events and even go on vacation. You can see the traffic die down in the attack logs when they are out of office.
10. The Federal Gov't is chomping at the bit to be able to respond "kinetically" after a cyberattack. That's bad.
11. Bonus: Some types of attacks, like ransomware, are really ingenious and elegantly applied computer solutions that leverage all kinds of cool computer science methods and topics.
12. Bonus 2: Have great (PRACTICED) backup and restore procedures. That is the ultimate defense.
No comments.