The Cost of Cyber Security Misconfiguration

July 18, 2022

The numbers tossed around about the cost of a security breach are interesting. I have formed the opinion that the cost estimates are a result of what I have called spreadsheet fever. Plug in numbers, make them flow, and go, baby, go. I read “Razer Seeks $7m from Capgemini for 2020 Data Breach.” The write up explains:

The Singapore-born gaming firm is seeking compensation of nearly US$7 million in damages, which also includes a US$2,000 reward to the security researcher who discovered the breach under the company’s bug bounty program.

What outfit is the target of the litigation? The write up says:

In its lawsuit, Razer alleged that the security breach was the result of a misconfiguration of the “ELK Stack,” caused by one of Capgemini’s employees.

The ELK is not the majestic animal. The ELK in the cyber context represents open source software glued together to deliver a range of security features. The trick is the configuration. Get a setting wrong, and the ELK is less healthy than some observers suspect. An unhealthy ELK can be problematic. This is not a big dead animal in the climate-changed world. This creature puts revenue and others at risk of catching a bad disease themselves; for example, standing in the unemployment line, working the phone to reclaim their identity, and applying for a job at one of the booming cyber security vendors. Well, maybe not that particular angle.

The outcome of the lawsuit may provide some more data about the cost of a cyber screw up and details about the how of the alleged misstep.

Stephen E Arnold, July 19, 2022
