Why We Need A Cybersecurity Validation Standard
Blocks & Files, Monday, October 6th, 2025
Any organization that has not been hit by ransomware thinks, by default, that its defenses are good.
If internal voices are raised, saying it needs to upgrade its defenses, supporters balk at the costs involved and assume that, since we haven't been hit yet, we must be OK. They realize that many other organizations have been hit and sometimes severely damaged, but assume that their defenses were inadequate, which they obviously were. If our defenses are good, and they must be because we haven't been hit, then we don't need to spend extra money strengthening them when there are so many other demands on that money.