Why are There Cyber Security Issues?

Why are there constant patches for security problems that are inside software? Why???

Why do we have New Security breaches? every year new ones are found and hackers find them to hack computers (which happen to have this breached software).

At the end of last year (2015) everyone was being circumspect and reviewed what happened – why is it we get new breaches and attacks every year?

There are also several blogs that have taken umbrage with Verizon’s DBIR (Data Breach Investigations Report)

Here are some:

OSVDB¹ blog
Rapid7 Blogpost²

Found another interesting analysis of Verizon’s DBIR: FoxGlovesecurity(6)

FoxGloveSecurity researched the types of vulnerabilities and categorized them (of the ones in the report). Foxglove says the focus should be on remote command execution and impact (51)

Remote Command Execution – 51 Instances

SQL Injection – 12 Instances
Default Credentials – 6 Instances
Insecurely Configured Application Server – 6 Instances
Guessed Password – 5 Instances
Outdated Software – 5 Instances
SQL User is SA – 5 Instances
Single Factor Authentication – 3 Instances
Command Injection – 2 Instances
Insecure File Upload – 2 Instances
Public Credential Leakage – 2 Instances
Unsafe Deserialization – 2 Instances
Reflected Cross-site Scripting – 1 Instance

Notice that there are a fair amount of errors in configuration or administration fault:

default credentials, insecure server config, guessed password,SQL User is SA, single factor authentication (30 instances) 59% of the remote command execution impact table are errors of some kind.

The top10 vulnerabilities in the report were:

SQL Injection – 38 Instances
Insecure Authorization – 23 Instances
Insecure Direct Object Reference – 15 Instances
Stored Cross-site Scripting – 13 Instances
Insecure Authentication – 9 Instances
Insecure Password Reset – 9 Instances
Guessed Password – 9 Instances
Default Credentials – 8 Instances
Single Factor Authentication – 8 Instances
Insecurely Configured Application Server – 6 Instances

Foxglove took the 51 remote code executions out of the top10 (138 instances) which are the most dangerous.

So obviously there are many potential vulnerabilities and system administration pitfalls which many entities can’t seem to handle.

I have another question to ask: Why is Security so Hard? I ask this because the hits just keep on coming.

“Hackers Breach Goldcorp, Lifeboat, Qatar national Bank”³ 5/4/16 story

“The Future of our City Services? Cyberattackers target Core Water Systems”(4) 3/23/16 story

“Another Hospital Computer System Down to Ransomware”(5) 2/29/16 story

My attempt at explaining the thoughts that may go through management (above picture).

Apparently the difficulties of proper IT administration with security in mind has not been solved yet by most organizations.

What is so difficult to patch all your computers, change default admin passwords, and even to make sure the system administrator and userid are not the same. Single factor authentication might have to do with budget considerations or not having the technical ability to handle switching to 2FA (Two Factor Authentication).

So the effect of a constant change in security, the technical challenges as well as administrative changes is just difficult enough to give many companies problems.

One solution is to have an outside entity test your environment.

I know my solution is somewhat technical – but the point is to have a person test your environment (firewall, software, websites, or wifi device) so that the administration or configuration problems can be reviewed and fixed by the staff themselves.

The answer to the title is there will always be cybersecurity issues with humans running things because stuff happens and nothing is perfect.

Contact Me to discuss

Why are There Cyber Security Issues?

Like this:

Leave a Comment