Numerous studies have shown that most companies fail to effectively implement even the most basic cybersecurity controls such as patching known vulnerabilities and limiting the number of users with administrative privileges. Such controls will not stop advanced attacks, but they can make cyberspies work harder. And by stopping lower-level attacks with these controls, they can free up corporate resources to address more sophisticated attacks.
In addition, information sharing will provide little benefit unless companies have the people and processes to use that information effectively. Financial incentives, such as tax breaks and fines, may be the best tools for changing corporate decisionmaking on this issue, but all options should be explored.
