Cybersecurity Giant Vendor Fail Is Official: No Easy Fix
March 15, 2021
The marketing claims were hot air, it seems. The New York Times reports “White House Weighs New Cybersecurity Approach after Failure to Detect Hacks.” Let me be clear. Organizations spending money for advanced, artificially intelligent, and proactive methods for dealing with cyber attacks face some difficult circumstances. First, the cash is gone. Second, the fix is neither quick nor easy. Third, boards of directors and those with oversight will ask difficult questions to which there are no reassuring answers; for example, “What information has been lost exactly?”
The answer: “No one knows.”
The NYT states:
… The hacks were detected long after they had begun not by any government agency but by private computer security firms.
Let’s be clear. The SolarWinds’ misstep was detected because a single human chased down an anomaly related to allowing access to a single mobile phone.
Several observations are warranted:
- Cybersecurity vendors have been peddling systems which don’t work
- Companies are licensing these systems and assuming that their data are protected. The assumption is flawed and reflects poorly on the managers making these decisions.
- The lack of information about the inherent flaws in the Microsoft software build and updating processes, the mechanisms for generating “on the fly” builds of open source enabled code, and the indifference of developers to verifying that library code is free from malicious manipulation underscores systemic failures.
Remediating the issue will take more than BrightTALK security videos, more than conference presentations filled with buzzwords and glittering generalities, and more than irresponsible executives chasing big paydays.
The failure in technical education coupled with the disastrous erosion of responsible engineering practices has created “intrusions.”
Yes, intrusions and other impacts as well.
Stephen E Arnold, March 15, 2021
Comments
-
- Subscribe to Beyond Search
Feature archive
News archive
-
