As you've heard by now, Home Depot has experienced a major breach affecting 56 million cardholders. Something about this breach strikes me as a bit ironic. This company has been a major part of the DIY (do-it-yourself) movement – and unfortunately, we have seen that trend spill over into areas that should be the domain of professionals.
I’ll admit I’ve fallen victim to the HGTV effect. They bring in an expert with decades of experience who makes a major endeavor look easy, and I can’t help but think, “I could do that.” After a quick trip to Home Depot, will I really have everything I need to take on the project? That depends on exactly what I’m trying to accomplish. Having great tools does make a difference, and with the right equipment, I might be able to construct a sturdy table or tile a floor. But no amount of professional-grade gear will make it possible for me to build an entire house. You need more than great tools to complete a project of that scope – you need serious experience and know-how.
Similarly, in security, a good tool can go a long way. You're probably familiar with Core Impact Pro, which can turn a relatively inexperienced security professional into a sophisticated penetration tester. With this tool, customers are able to tackle significant security projects without bringing in expensive contractors. It's like buying a hammer instead of calling a handyman every time you want to hang a new picture on the wall – it just makes sense. But when it comes to managing a massive enterprise security program, we’ll be the first to acknowledge that software alone isn’t enough to get the job done.
You’ve read about breaches that occurred after vulnerabilities or intrusions were detected by security tools and subsequently ignored by security teams. Dig deeper into these cases and you’ll probably find there wasn’t a strong CISO leading the program, implementing procedures and keeping the team (and the tools) operating effectively. Experienced leadership is a must. Just as a professional contractor can make an old kitchen look new, a security professional can help you clean up a rusty security program.
I am a big fan of Home Depot and the weekend project. However, I also believe certain activities require the assistance of trained professionals. Taking on a small-scale security project? The right tool might be enough to get your team by. Running a major enterprise security program? You'd better have seasoned leadership ready to tackle that job.
To read the complete article, please visit SecurityWeek: