Cyber Disasters Still Coming? Yes, We Do Not Learn Fast Enough

As Washington Post wrote a story about the old Lopht group visit to the Capitol Hill.

http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/

Do you remember the following historical events?

Chicagobeforethefire

True in 1871 Chicago had 330,000 residents. (from https://www.awesomestories.com/asset/view/CHICAGO-IN-1871-Great-Fire-of-1871 )

 

But this is what happened when many things happened simultaneously and overwhelmed the fire department response due to conditions(dry):

chicagomapoffire1871

The area of the fire – most of today’s north sideThechicagofireitself

 

Even though $150 million  in property damage and 300 lives were taken.

It seems in the same day of the Chicago fire the fire of the City of Holland, MI(north shore of Lake Michigan) also took $900,000 in damages with no lives lost.

It took Chicago a year to change the building codes and improved technology helped as well. But as this website notes:

http://education.nationalgeographic.com/education/news/chicago-fire-1871-and-great-rebuilding/?ar_a=1

It wasn’t until 1874 and another fire, which destroyed  800 buildings and 60 acres, because people could not afford the fire-proof materials and just ignored the laws anyway.

 

NOW to my point….  i.e. why bring up ancient history?

Because we are not paying attention to Computer Security even though disaster after disaster is occurring (do I really need to tick them off one by one again?)

http://oversitesentry.com/health-records-breached-no-cyberinsurance-payout-why-stupidity/

http://oversitesentry.com/ransomware-scourge-of-cybersecurity/

OPMlogoanthembluecrosslogo   not to mention the biggest failures lately

The Washington Post article notes that in May of 1998 there was a dire warning given with a few concrete examples, but mostly the political people listened and went about their business. The software industry made some changes but not enough, it took Microsoft another 6 years before the “Security Initiative” started pushed by Bill Gates himself.

 

When we develop any software we must be thinking of the security  of the software. Also when we set up a computer we need to set up the security of the computer.

And ALL of us must have enterprise level security. Compliance is not enough.

 

What is enterprise security?  This is where  all the options in security are used.

NGFW – Next Generation Firewall  (interesting we use the nomenclature of ‘firewall’)

CloudSOC – cloud Security operations center

Patch management

Email spam management

A threat intel department

A scan of your systems department (Like our Alpha scan etc) even constant vulnerability analysis

Test your websites both manually and in an automated fashion.

These 7 items are minimal functions.

 

cloud-virtual-security

 

I do like this image because it shows where our industry is today – computer security one piece of the major new initiatives in IT.

we need to imbed security in our thinking – create a culture of security which only uses up a certain amount of our time, but has to be thought about (10-15 % of time max)

 

 

 

 

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.