Security decisions should be based on verifiable data - facts - rather than opinions. I’ve seen the trend of CISOs and many security operators being impeded by the lack of transparency into security data, jaded by product features and marketing fluff and limited by their ability to glean high quality, data-driven insights to inform decision making. This is a problem that GRIMM is working to solve.
Last week the Director of National Intelligence released a Worldwide Threat Assessment. It’s fairly short and to the point (only 42 pages), but I wanted to summarize for those who don’t have time to read it and help apply it to enterprise defense. The main two things to take away from this report are: Threats: there are real threats against your organization, and Capabilities: it’s important to understand their capabilities.