George Carlin made comedy history when he created stand-up routine around the seven dirtiest words that could never be said on the radio or on television. (For the sake of our readers, a simple search on YouTube will find the routine – it is adults only content!) What made this routine so unique is that he boldly came out and stated seven words that no one should ever write, say, or even hear – privately or publicly. That concept alone is all this blog is about. There are five cybersecurity words team members never want to hear regarding their own organizations. Listed in priority order, according to my humble opinion, they are:
  1. Incident – “We have had a security incident within the organization.”
  2. Malware – “We have identified a malware infestation and need to remediate the issue immediately.”
  3. Ransomware – “We have been infected with ransomware.”
  4. Compromised – “We have detected that system(s) have been compromised.”
  5. Breach – “We have identified a data breach.”
So why are these words so dirty? Each one of them alone does not tell you the size, scope, risk, or repercussions of the cyber security problem in question. They are “dirty.” If you have to say, or hear, a team member say that you have been infected with ransomware, the scope and threat are absolutely filthy. We need to find a way to clean up these dirty words and make sure they are never used within our own organizations. To that end, I propose the following:
  • Privileged Access Management – removes and manages administrator rights that could otherwise lead to someone saying any of the five dirtiest cybersecurity words.
  • Vulnerability Management – ensures remediation practices are performed, preventing exploitation that otherwise could lead to a vocalization of a dirty word.
  • Identity & Access Management – manages the entitlements of people so we can minimize the risks of them performing an act that could otherwise lead to swear word.
We never want to be singled out for saying a bad word. We also never want to be the bearer of bad news based on a cybersecurity incident within our organization. So, to prevent us from ever saying them, we can embrace cybersecurity best practices and minimize the risk of us even being tempted to utter them under our breath. As the leader in privileged access management and leader in Vulnerability Management, BeyondTrust is in a unique position to help with these basic cybersecurity hygiene disciplines and clean up your environment. The results could be just what we need to ensure we never have to utter those dirty cybersecurity words again.
Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In: