I would like companies (but also public organizations) to start realizing what you are writing about. Although, in my opinion, the problem is not always the incompetence of leaders, but the lack of them. Sometimes it's due to management unawareness, and sometimes it's due to lack of resources. Small companies often think they can't afford an extra full-time employee, let alone an entire security team. That's why some time ago we started working with a group of friends on a community project that could be called “safety ambassadors.” We share our knowledge with organizations that want it, and create a SPOC in such an organization. We are mainly talking about public offices, schools, hospitals. Then such an SPOC, in case they don't know what to do in a particular case (or where to even start), they can come to us for advice. Over time, they will be able to implement just those basic principles of cyber hygiene you write about. And sometimes that's enough to make a bad actor give up on attacking a particular site and look for an easier target.
I agree it’s not always incompetence but lack of leaders. Good point on that. And your community project sounds great. Feel free to share more about it with me!
I would like companies (but also public organizations) to start realizing what you are writing about. Although, in my opinion, the problem is not always the incompetence of leaders, but the lack of them. Sometimes it's due to management unawareness, and sometimes it's due to lack of resources. Small companies often think they can't afford an extra full-time employee, let alone an entire security team. That's why some time ago we started working with a group of friends on a community project that could be called “safety ambassadors.” We share our knowledge with organizations that want it, and create a SPOC in such an organization. We are mainly talking about public offices, schools, hospitals. Then such an SPOC, in case they don't know what to do in a particular case (or where to even start), they can come to us for advice. Over time, they will be able to implement just those basic principles of cyber hygiene you write about. And sometimes that's enough to make a bad actor give up on attacking a particular site and look for an easier target.
I agree it’s not always incompetence but lack of leaders. Good point on that. And your community project sounds great. Feel free to share more about it with me!