Cyber Security and Its Soft Underbelly
August 18, 2019
DarkCyber found “We Asked Def Con Attendees Why People Are Still Getting Hacked” quite interesting. The write up presents information from different individuals and sources about the surprising ineffectiveness of cyber security. Significant money, dozens of start ups, and some mouth watering marketing have been generated. But the big question, “Why are people still getting hacked?” remains perched on a power line like a digital bird of prey.
Here are a couple of statements from the write up which DarkCyber finds interesting:
As the [cyber security] industry matures, it’s becoming clear that it must be held accountable for a lack of diversity and a sometimes toxic and misogynistic culture.
This theme does sound familiar. Perhaps the opportunity to make money and do some “real coding” is in a business sector where the investment dollars are flowing and the personal payoffs are possibly higher.
Why are people getting hacked? DarkCyber noted a couple of points which are difficult to deflect:
- People will always get hacked. This answer to the question is the digital equivalent of “just because.”
- People are the weak link: Loose lips, friends, being human. This answer to the question is related to “just because.”
- People don’t update their systems. Yep, humans again.
What’s the fix? Teach those humans what to do.
Perhaps a better question is, “What’s the business sector with more potential for a coder who is not interested in displaying pizza joint icons on a mobile map?”
The answer is cyber security. The write up explains the answer this way:
There’s more money pouring into cybersecurity than ever, but we continue to see high-profile (and devastating) hacks. At the same time, cybersecurity as an industry is no longer made up of lone coders and small, grey-hat hacking groups; it’s a gigantic industry with startups worth billions of dollars.
Is it possible that the incentive to “fix” cyber security is that there is easy money, fearful customers, and uncertain outcomes for those breached?
FUD worked for IBM, and it may be working for the cyber security sector today. It may also be the horse to back in the race to big paydays tomorrow.
But those pesky humans—still a problem.
Stephen E Arnold, August 18, 2019