George Carlin made comedy history when he created a stand-up routine around the seven dirtiest words that could never be said on the radio or on television. (For the sake of our readers, a simple search on YouTube will find the routine – it is adults-only content!) What made this routine so unique is that he boldly came out and stated seven words that no one should ever write, say, or even hear – privately or publicly. That concept alone is all this blog is about. There are five cybersecurity words team members never want to hear regarding their own organizations. Listed in priority order, according to my humble opinion, they are:
  1. Incident – “We have had a security incident within the organization.”
  2. Malware – “We have identified a malware infestation and need to remediate the issue immediately.”
  3. Ransomware – “We have been infected with ransomware.”
  4. Compromised – “We have detected that system(s) have been compromised.”
  5. Breach – “We have identified a data breach.”
So why are these words so dirty? Each one of them alone does not tell you the size, scope, risk, or repercussions of the cybersecurity problem in question. They are “dirty.” If you have to say, or hear a team member say, that you have been infected with ransomware, the scope and threat are absolutely filthy. We need to find a way to clean up these dirty words and make sure they are never used within our own organizations. To that end, I propose the following:
  • Privileged Access Management – removes and manages administrator rights that could otherwise lead to someone saying any of the five dirtiest cybersecurity words.
  • Vulnerability Management – ensures remediation practices are performed, preventing exploitation that otherwise could lead to a vocalization of a dirty word.
  • Identity & Access Management – manages the entitlements of people so we can minimize the risks of them performing an act that could otherwise lead to a swear word.
We never want to be singled out for saying a bad word. We also never want to be the bearer of bad news based on a cybersecurity incident within our organization. So, to prevent us from ever saying them, we can embrace cybersecurity best practices and minimize the risk of us even being tempted to utter them under our breath. As the leader in privileged access management and leader in Vulnerability Management, BeyondTrust is in a unique position to help with these basic cybersecurity hygiene disciplines and clean up your environment. The results could be just what we need to ensure we never have to utter those dirty cybersecurity words again.
Morey J. Haber

Chief Technology Officer, Chief Information Security Officer, BeyondTrust

With more than 20 years of IT industry experience, and author of Privileged Attack Vectors and Asset Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees the vision for BeyondTrust technology encompassing privileged access management, remote access, and vulnerability management solutions, and BeyondTrust’s own internal information security strategies. In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science in Electrical Engineering from the State University of New York at Stony Brook.