Information Security News mailing list archives

Why the security industry never actually makes us secure


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 5 Mar 2012 01:23:51 -0600 (CST)

http://news.cnet.com/8301-27080_3-57389046-245/why-the-security-industry-never-actually-makes-us-secure/

By Elinor Mills
InSecurity
CNET News
March 3, 2012

SAN FRANCISCO -- Every year, security vendors gather at the RSA conference here to reaffirm their commitment to fencing out hackers and keeping data safe. And every year, corporate and government Web sites continue to fall victim to basic attacks. Heck, ubersecurity firm RSA itself was compromised not that long ago, as was digital certificate heavyweight VeriSign, even if it didn't admit it for two years.

In other words, very little changes from year to year beyond the buzzwords du jour bruited about by security vendors. "It's Groundhog Day," says Josh Corman, director of security intelligence at Akamai.

Art Coviello, executive chairman of RSA, at least had the presence of mind to be humble, acknowledging in his keynote that current "security models" are inadequate. Yet he couldn't help but lapse into rah-rah boosterism by the end of his speech. "Never have so many companies been under attack, including RSA," he said. "Together we can learn from these experiences and emerge from this hell, smarter and stronger than we were before."

Really? History would suggest otherwise. Instead of finally locking down our data and fencing out the shadowy forces who want to steal our identities, the security industry is almost certain to present us with more warnings of newer and scarier threats and bigger, more dangerous break-ins and data compromises and new products that are quickly outdated. Lather, rinse, repeat.

[...]

