A dismal industry: The unsustainable burden of cybersecurity

Cybersecurity is finally a cool industry, claimed Brian Bertacini of BSI America, speaking on a panel of computer security experts in San Francisco this week.

Cybersecurity is not cool; I see it as a dismal industry for several reasons. If your product works, nothing happens, nothing was stolen, and there’s nothing to report.

But you haven’t invented a new technology or innovated a new business process. You’ve just plugged known vulnerabilities, and there’s nothing to prevent future unknown attack vectors. It must be a very unsatisfying situation — especially since there are huge numbers of undiscovered vulnerabilities in every IT system. Durgesh Gupta, VP of Information Security at NASDAQ, said his team discovers 40,000 new vulnerabilities in their software every month.

Gupta said that NASDAQ detects more than 100 million attacks per month. Every three months, its senior executives go through a mock attack and figure out what the responses should be if it were real. And it regularly meets with Homeland Security experts, who offer advice, help, and warnings of attacks.

But not every company can rely on government help. Sony had a massive breach that was blamed on North Korea, and it asked for US government help but received none. And the FBI won’t open an investigation unless more than $500,000 of losses have been reported.

Ray Rothrock, chairman of RedSeal, said that total protection is impossible because attacks will be ever more sophisticated. He believes the best response is a fast response: Catch the attack and close it down as quickly as possible. And report it — don’t cover it up.

Gary Sevounts, CMO at Kount, says the attack vectors are multiplying because of the use of cloud-based IT and multi-cloud-based IT applications, which add further complexity to the security problem.

