Last week I attended a webinar by Roger A. Grimes on using a data-driven defense approach to cybersecurity. He points out that rather than trying to fix every possible weakness in our cyber defenses we should look at where we’re being attacked and concentrate on those areas. He even used a similar analogy to what I’ve often said is an issue: implementing additional “best practices” (which are often forced on us by audits or standards organizations) frequently are the equivalent of adding additional deadbolts to your front door when you have a sliding door with a broken latch in back.

It’s a one-hour webinar that’s worth your time if you’re involved in planning cybersecurity strategies for your product or company.