In many cases, after being hit by a cyberattack, organizations will rush to address the vulnerability that allowed the attackers to penetrate their systems. However, this approach doesn’t actually help the company’s security stance.According to experts from Solutionary, many organizations develop their security strategy so that they’re protected against the top vulnerabilities appointed by security firms.
While ensuring that your systems are not vulnerable to SQL Injection or cross-site scripting attacks is certainly good, it’s not enough.
“As a security researcher, I will be the first to tell you that if an attacker can’t break into an application one way that they can certainly find another. Funny thing is, attackers do not work from a checklist and call it quits. Neither should we as security professionals,” Rob Kraus, director of research at Solutionary, explained.
“As information guardians, we cannot simply buy a product because it fills a checkbox and defeats SQL Injection or Cross-site scripting. Yes, it is certainly appealing to ensure that those features are included, but overall we need to step back and see where we can apply a sensible solution,” he added.