BreachExchange mailing list archives

Outgunned: How Security Tech Is Failing Us


From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Mon, 11 Oct 2010 13:19:07 -0400

http://www.informationweek.com/news/security/antivirus/showArticle.jhtml?articleID=227700360

Information security professionals face mounting threats, hoping some mix of
technology, education, and hard work will keep their companies and
organizations safe. But lately, the specter of failure is looming larger.

"Pay no attention to the exploit behind the curtain" is the message from
product vendors as they roll out the next iteration of their all-powerful,
dynamically updating, self-defending, threat-intelligent, risk-mitigating,
compliance-ensuring, nth-generation security technologies. Just pony up the
money and the manpower and you'll be safe from what goes bump in the night.

Thing is, the pitch is less believable these days, and the atmosphere is
becoming downright hostile.

We face more and larger breaches, increased costs, more advanced
adversaries, and a growing number of public control failures. Regulation and
litigation have both increased. We're still struggling with the expensive
PCI initiative, an effort as controversial as its efficacy is
questionable--U.S. businesses continue to hemorrhage credit card numbers and
personally identifiable information. The tab for the Heartland Payment
Systems breach, which compromised 130 million card numbers, is reportedly at
$144 million and counting. The Stuxnet worm, a cunning and highly targeted
piece of cyberweaponry, just left a trail of tens of thousands of infected
PCs. Earlier this month, the FBI announced the arrest of individuals who
used the Zeus Trojan to pilfer $70 million from U.S. banks. Zeus is in year
three of its reign of terror, impervious to law enforcement, government
agencies, and the sophisticated information security teams of the largest
financial services firms on the planet.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
