Question for the board to be asking: Are we leveraging system logs to help protect our network? This may seem too “operational” and at odds with the “Noses in; fingers out” approach, but if you aren’t asking the question, how can you be sure it’s happening?

It is a huge problem that many companies aren’t paying attention to. The CISA Red Team has released an advisory emphasizing the crucial need for all organizations, regardless of their cybersecurity maturity level, to monitor logs for suspicious activity and to conduct regular testing to ensure their networks are secure. The Red Team assessed the cybersecurity response capabilities of a large critical infrastructure organization with multiple geographically dispersed sites by mimicking malicious threat actors. Key findings from the assessment revealed inadequate host and network monitoring, a lack of endpoint management system monitoring, and excessive permissions for standard users, among other issues. The advisory provides recommended mitigations that organizations can use to strengthen their environment and protect against real-world malicious activity, as well as technical details that should be reviewed. The full advisory can be accessed on CISA’s website.



Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He writes on cybersecurity and board management for both corporate and nonprofit boards.
