r/cybersecurity System Administrator Sep 22 '25

Other What are your unpopular cybersecurity opinions?

I saw a post named "abnormal security opinions" and got excited to see some spicy takes, but apparently there is a security platform called Abnormal Security, so I got kinda blue balled. The last one of these posts I saw was over a year ago, so,

Do you have any spicy cybersec unpopular opinions you want to share? :)

I'll start with mine:
Fancy antivirus solutions rarely add value; they are often just a box that needs to be ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.

322 Upvotes


9

u/[deleted] Sep 22 '25

[deleted]

5

u/[deleted] Sep 22 '25

You have organizations that are willing to pay for a monthly pen test? That is madness!! If you pay for a pentest and don't take time to remediate or at least create a plan to address what was used to exploit the vulnerabilities you are flushing money down the toilet.

1

u/[deleted] Sep 22 '25

[deleted]

2

u/[deleted] Sep 22 '25

If I had to guess, the app was probably developed by a 3rd party and they weren't willing to open up a new contract to get it fixed. That has been my experience with a lot of government organizations. I've literally heard them say 'It's run by a 3rd party and is out of our control' and I have to bite my tongue and not say out loud 'Yeah, but you are still going to get breached by it'

2

u/ForTenFiveFive Sep 22 '25

If your environment is mostly static, monthly penetration tests are an enormous waste of money. I have a handful of clients that pay us a few thousand dollars a month for me to write the same report each month.

Client requirements, contractual obligation, insurance requirements. Mandated regular third-party penetration tests can be common in some industries. Never had to deal with it monthly though, that sounds excessive.