As Washington Post wrote a story about the old Lopht group visit to the Capitol Hill.
http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/
Do you remember the following historical events?
True in 1871 Chicago had 330,000 residents. (from https://www.awesomestories.com/asset/view/CHICAGO-IN-1871-Great-Fire-of-1871 )
But this is what happened when many things happened simultaneously and overwhelmed the fire department response due to conditions(dry):
The area of the fire – most of today’s north side
Even though $150 million in property damage and 300 lives were taken.
It seems in the same day of the Chicago fire the fire of the City of Holland, MI(north shore of Lake Michigan) also took $900,000 in damages with no lives lost.
It took Chicago a year to change the building codes and improved technology helped as well. But as this website notes:
It wasn’t until 1874 and another fire, which destroyed 800 buildings and 60 acres, because people could not afford the fire-proof materials and just ignored the laws anyway.
NOW to my point…. i.e. why bring up ancient history?
Because we are not paying attention to Computer Security even though disaster after disaster is occurring (do I really need to tick them off one by one again?)
http://oversitesentry.com/health-records-breached-no-cyberinsurance-payout-why-stupidity/
http://oversitesentry.com/ransomware-scourge-of-cybersecurity/
not to mention the biggest failures lately
The Washington Post article notes that in May of 1998 there was a dire warning given with a few concrete examples, but mostly the political people listened and went about their business. The software industry made some changes but not enough, it took Microsoft another 6 years before the “Security Initiative” started pushed by Bill Gates himself.
When we develop any software we must be thinking of the security of the software. Also when we set up a computer we need to set up the security of the computer.
And ALL of us must have enterprise level security. Compliance is not enough.
What is enterprise security? This is where all the options in security are used.
NGFW – Next Generation Firewall (interesting we use the nomenclature of ‘firewall’)
CloudSOC – cloud Security operations center
Patch management
Email spam management
A threat intel department
A scan of your systems department (Like our Alpha scan etc) even constant vulnerability analysis
Test your websites both manually and in an automated fashion.
These 7 items are minimal functions.
I do like this image because it shows where our industry is today – computer security one piece of the major new initiatives in IT.
we need to imbed security in our thinking – create a culture of security which only uses up a certain amount of our time, but has to be thought about (10-15 % of time max)