It's Not If Attackers Get In. It's What Happens Next | Insurity CISO Jay Wilson

"Usually it's not a question of if the bad guys get in. It's a question of what happens when they do."

Jay Wilson, CISO and CIO at Insurity, and Garrett Hamilton, CEO of Reach, joined Shubhangi Dua on The Security Strategist from EM360Tech to talk about why the controls you already own are where exposure quietly builds up.

That's Jay's line, and one every security leader has lived. Defense in depth only holds if every inner layer is configured the way you think it is. The outer door gets the attention. The inner doors are where incidents actually get stopped, or don't.

The catch is those inner controls don't stay put. An exclusion gets added to your EDR. MFA gets switched off for an exec during a break-glass fix and never switched back. A vendor update resets a policy. No alarm goes off, and the environment you think you have quietly drifts from the one you actually have.

That's what Reach watches. Continuous visibility into how controls are changing across IAM, EDR, firewall, and email security, regardless of which team owns the tool, with the drift that moves risk surfaced first.

Understanding the Cycle of Cybersecurity Control Configuration Risk: reach.security/drift-research-report

#cybersecurity #configurationdrift