Brad LaPorte provides valuable insights into the current state of cybersecurity practices, emphasizing the need for organizations to embrace continuous security testing and proactive approaches to breach mitigation. He identifies five levels of maturity within organizations and highlights the growing adoption of continuous security testing, particularly among upper-level enterprise.

Here is the verbatim discussion:

Jesus uh not close enough is the answer so um really what it comes down to is um organizations like current state of the the market right now is organizations are really broken up into um kind of five different levels of maturity so it's it's really from zero all the way up to five um and and with that organizations that typically are in the continuous um security testing space and actually doing it on a continuous basis are the upper level five uh Arena and they typically have the budgets to support it ends up being financial and health care and to um you basically the global 500 that are in that aspect it's starting to go Downstream though which is great because I'm starting to see uh that you know in the lower levels uh uh areas there organizations are starting to get involved and then there's um a lot of manage detection response and and manage security um service providers that are integrating these types of security testings as part of their their larger stack so and they're automating a large portion of it which you ultimately makes it ideal for it to be 247 365 and implementing things like red you know automated red uh continuous automated red team or cart uh attack surface management and identifying you know where the actual attack surface today and that's a very important mindset like accepting that there will be those breaches h i see it more now than I have I ever have in the past two decades but it's not anywhere near where uh it needs to be and unfortunately um the root cause of a lot of what exists today is um it's nimi it's not in my backyard so it's not going to happen to me it's going to happen to somebody else and it's not until it's someone that's close to them so if they're in the industry say they're in retail and um they're the biggest competitor.

Highlights:

Continuous Security Testing: LaPorte discusses how organizations at the highest maturity level (level five) are actively engaged in continuous security testing, supported by robust budgets, particularly in financial and healthcare sectors and among global 500 companies. He notes a positive trend of adoption among organizations at lower maturity levels, facilitated by managed security service providers who integrate automated testing into their offerings.

Automated Testing and 24/7 Vigilance: The integration of continuous security testing into larger security stacks by managed service providers enables organizations to achieve 24/7 coverage. LaPorte highlights the importance of automated red team testing and attack surface management in identifying and mitigating potential vulnerabilities proactively.

Acceptance of Breach Inevitability: Despite growing awareness, LaPorte notes that acceptance of breach inevitability remains inadequate, with many organizations still adopting a "not in my backyard" mentality. He emphasizes the need for a cultural shift towards proactive cybersecurity practices, citing the prevalence of this mindset as a root cause of existing vulnerabilities.

LaPorte's insights underscore the critical importance of continuous security testing and proactive breach mitigation strategies in today's cybersecurity landscape. By embracing these practices, organizations can enhance their cyber resilience and better protect their assets against evolving threats. However, there remains a significant cultural barrier to overcome, with many organizations still failing to acknowledge the inevitability of breaches. Addressing this mindset is essential to fostering a proactive cybersecurity culture and effectively mitigating risks in an increasingly complex threat environment

Speakers: