Orca exec warns against chasing security trends

Orca Security's chief innovation officer, Avi Shua, cautions that the cybersecurity industry's perennial fixation on anointing a new "most critical" defensive layer, whether identity, runtime, or AI security, mirrors a flawed psychological pattern where dramatic but rare threats overshadow the mundane, persistent vulnerabilities that actually enable most breaches, according to Forbes.

Writing from Sydney, Shua draws a parallel to the disproportionate media coverage of shark attacks versus heart disease, arguing that while organizations eagerly deploy sophisticated new tools in response to shifting hype cycles, they routinely neglect the unglamorous discipline required to patch exposed workloads and constrain excessive permissions. He notes that Orca's research reveals nearly one-third of cloud assets are neglected, each harboring an average of over one hundred vulnerabilities, and that 76% of organizations maintain at least one public-facing asset permitting lateral movement.

"Most breaches are preventable," Shua asserts, but prevention hinges less on acquiring the latest category of control and more on methodically dismantling the interconnected chains of exposure, the predictable paths attackers traverse from a single misconfiguration to sensitive data stores, that have persisted for years.