Analysis & Commentary on the Week’s Cyber Security Issues
The “so what” factor feeds and aggregators don’t give you.
Why you’re not investing enough in IT security
We all agree that IT security is a major issue facing all companies. But what has brought on the change? For such a complicated and widespread problem, the reason is actually quite simplistic: budget. To put it into layman’s terms, CEOs and boards have spent a lot of time and money enticing customers in the front door and making sure the front end of the business works efficiently, all the while leaving the back door wide open for criminals to come in and take what they want. (CSO Online)
Inadequate intelligence integration
Many organizations flirt with the notion of threat intelligence. Academically it makes sense. [However,] most organizations do not have a large enough threat intelligence and/or counterintelligence organization to process all the received intelligence in an efficient and effective way. As such, intelligence becomes little more than a lagging indicator. The volume of data from free, paid and hybrid intelligence services is overwhelming and brings baggage… (CSO Online)
Hacking, Cyber-Security, and Asymmetric Threat
In the recent past, our government has been concerned about Chinese hacking. Today, it’s concerns about Russia. In the evolving world of cyber warfare, it’s not just governments that pose large threats. An NBC report quoted a “security analyst” (in their words) who said: “…a single individual is very capable of waging cyber war at a level we previously attributed only to intelligence agencies or crime syndicates.” (Windows IT Pro)
Giuliani as a Cybersecurity Advisor for Donald Trump Does Not Bode Well
Well, the good news is that authoritarian former New York City Mayor Rudy Giuliani will only be serving President-Elect Donald Trump’s administration as an advisor on cybersecurity issues. But it’s still bad news that Giuliani is going to be connected at all. Though Giuliani has been working as a security consultant in the private sector, tech experts blasted the cybersecurity vulnerabilities of his company site, which is now no longer even accessible online. (Reason)
Angst-ridden cyber security experts layered on the snark on this announcement: not one provided proof of their application to join the incoming administration. Every report about a vulnerable (or hacked) web site recalls for me this XKCD cartoon. The fact of the matter is that Rudy is perfect for the role when you remember the job is not a technical one. Technical experts decrying the lack of such expertise in policy people is like complaining a running back can’t throw a curve ball: two different gigs. It’s easy to criticize, and it’s easy to use someone’s politics as an excuse for vitriol, but cybersecurity is a bipartisan issue. If you’re not willing to serve on a level greater than yourself, or at least set aside your personal politics and provide advice any chief executive would find useful, you should expect to continue to be a lone voice in the wilderness.
Who’s winning the cyber war? The squirrels, of course
For years, the government and security experts have warned of the looming threat of “cyberwar” against critical infrastructure in the US and elsewhere. Predictions of cyber attacks wreaking havoc on power grids, financial systems, and other fundamental parts of nations’ fabric have been foretold repeatedly over the past two decades. So far, however, the damage done by cyber attacks, both real and imagined or exaggerated, cannot begin to measure up to an even more significant cyber-threat—squirrels. (Ars Technica)