www.darkreading.com 3/26/2026, 4:04:20 PM

How Organizations Can Use Blunders to Level Up Their Security Programs


RSAC 2026 CONFERENCE — San Francisco — Organisations repeatedly make the same cybersecurity mistakes, from ports exposed to the Internet and weak passwords to patching gaps and insufficient logging.

Arielle Waldman, Dark Reading’s features writer, reports on a session noting that mistakes offer opportunities to learn, in which Megan Benoit highlighted eight common errors and stressed the need to “prevent incidents before they happen.” A key example described is a customer whose website had been hacked because of a vulnerable CMS that had not been patched since 2018, a practice Benoit warns still matters even if the breach happened only once.

The piece also covers how OAuth consent and modern authentication can be misused when not properly managed, potentially allowing attackers to bypass MFA and access sensitive data if they obtain tokens. Being nice to developers is suggested as a fix, along with practical steps such as running two endpoint detection and response tools and tightening password management and identity protections.

The article, published on 26 March 2026, argues that improving collaboration between security and development teams can help organisations level up their security programs.


Article by CyberSIXT