DanielMiessler.com website Unsupervised Learning has a post SEC vs Solar Winds Cybersecurity’s Enron moment.
The problem is that Cybersecurity is still ‘magic’ to many people and it should not be.
It has to be made into a boring endeavor which will make the defense of a company more likely.
Making a company secure more than allowing the company to be insecure requires a lot of effort and requires accounting and comprehensive planning. It has nothing to do with ‘magic’. There are some situations which require advanced methods but they are not unknown(magic). The situations where advanced methods are required is the pentesting and other attacks on software and hardware which almost do the ‘impossible’? By impossible I do mean as a regular computer user understands.
Computer security professionals understand that all software must be built with foolproof methods for all time for the software to not have any risks associated. As I defined it this is impossible.
What happens is that new technologies get built both in hardware and software that change parameters which create unforeseen circumstances. These circumstances create less secure environments.
An example would be the new chips that AMD and Intel made but did not anticipate they would be used in a cloud environment. To be sure the systems all ran with VMware or other virtual operating systems but were able to be subverted because of the underlying security problem built into the chips. The problem only arose as there were new ways to use the chips. (multiple operating systems running on top of the chip.
Even though sometimes we are going to have problems there are reactions and actions one can make in a company to protect your company as I point out in my book “Too Late You’re Hacked”.
Here is what can happen when the magic and determination on the enemy is better than on the defense:
CBS news report about the Iranian Hack to Aliquippa Water Authority.
” Matthew Mottes, the chairman of the board of directors for the Municipal Water Authority of Aliquippa, confirmed to KDKA-TV that the cyber group, known as Cyber Av3ngers, took control of one of the stations. An alarm went off as soon as the hack had occurred.”
Prevent the hacks of hour business get my book “Too Late You’re Hacked”and defend your networks!!