Wednesday, September 23, 2015

Cyber-Security Vulnerability

"Organizations can't say, 'We're losing the arms race'. They have to say they are bulletproof. It is a business reality."
"Let's say RBC comes out and said, 'We're really not that good at privacy. We probably have some problems protecting your data'. Would you bank there?"
"If [companies] have valuable data, breaches are mathematically inevitable."
Scott Montgomery, chief technical strategist, Intel Security Group, Intel Corp.

"If they haven't been breached, they will be. I think every organization will concede today that it'll only be a matter of time. [Attackers] are spending lots of time learning and looking for vulnerabilities. In many cases, the attackers know more about the internal IT infrastructure than the organization knows."
Ali Solehdin, senior product manager, Absolute Software Corp., Vancouver
Ashley Madison's high-profile hacking was pretty much inevitable, even though its former CEO had said otherwise.
Carl Court/Getty Images

"I said, how's it going? And she said, 'I really don't know. It's so hard to manage. I'm not sure which tools are valuable [in cybersecurity] and which aren't.'" This was the response Scott Montgomery got when he questioned the CIO of a global enterprise about her organization's fight to combat data breaches using a web of 80 cybersecurity tools built by 60 manufacturers.

What is known is that confidential data are stolen and leaked just about everywhere now, in the process disrupting operations, cutting into stock prices and costing millions in cleanup attempts. Yet most company heads state with seeming confidence that their data are entirely safe. And then, when it becomes public knowledge that they've been breached, they profess helplessness.

And they end up like Toronto's Avid Life Media Inc., facing lawsuits seeking class-action status in Canada and the United States after the "King of Infidelity" was brought down some notches when Ashley Madison accounts were made public and the company squirmed, attempting to evade responsibility for a promise of confidentiality not backed up by true security.



Breaches have become commonplace. FireEye Inc.'s latest annual threat report states that the presence of a breach typically goes unnoticed for about 205 days before the discovery is made that security is a word, not a reality. According to a survey by PwC, cybersecurity incidents detected by 9,700 respondents increased in 2014 to 42.8 million, representing 117,260 attacks a day. They increased from 20.5 million in 2013 and 3.4 million in 2009.

In many instances, when breaches are revealed, it is discovered that disaffected people with personal grievances against a specific company are involved: current and former employees. PwC claims staffers represent the most-cited culprits of security breakdowns. The number of corporate email addresses found in the Ashley Madison database represents a case in point.

In conversation with an American two-star admiral in charge of a Navy network rife with malware, Scott Montgomery recalls telling him that the situation of infected files and vulnerable systems represented a potential disaster. The admiral was unconcerned until he was made aware that the intelligence used to complete military missions could be compromised and possibly altered by an adversary.
