It’s time to stop thinking of threat groups as supervillains, experts say
Cybersecurity Dive
|
Contributed by: Drex DeFord
Summary
The article highlights the pitfalls of focusing too much on the identities of cybercriminal groups in enterprise security strategies. Experts, including Andy Piazza from Palo Alto Networks Unit 42 and Jen Easterly from the Cybersecurity and Infrastructure Security Agency, argue that mythologizing threat actors can detract from more effective practices like improving detection, response capabilities, and patch management. They suggest that instead of emphasizing the names and narratives of cyberattacks, defenders should concentrate on practical measures to reduce risk. Crowdsourcing efforts from cybersecurity vendors, such as CrowdStrike's symbolic representations of threat groups, aim to elevate cybersecurity discourse but can inadvertently glamorize the adversaries they seek to neutralize.