Understanding the Core Problem in Cyber Security

From a technical standpoint, in terms of why bad things happen in IT systems, it’s pretty straightforward: we don’t do a good job of controlling access to accounts, and we do not monitor accounts for problems. That’s 90% of the problem. It’s account access control. The reason for this is that passwords do not work, and efforts to standardize and mandate better access control have been poorly supported.

While cyber security may seem very complicated, this is really just because it is so unfamiliar and has been wrapped in mystery. It is no more complex or perplexing than any other type of security, but it is a relatively small specialty, and so there are really only a small number of subject matter experts who have any kind of clear-headed thinking on this one.

For the most part, the problem we have in cyber security is access control. Specifically, we do not have good authentication for remote access. That’s it. That’s the problem. In most circumstances, more than 90% in fact, it comes down to not being able to authenticate that a connection is legitimately who it says it is. So, for example, the CEO’s email is being read by a foreign hacker who stole the CEO’s password.

That might sound like it would not be an insurmountable challenge. I mean, after all, how hard is it to make sure the CEO is who he says he is and not a foreign agent? Surely we could track the geolocation or the context, or use his approved hardware. And you would be correct: it is not insurmountable. In fact, we can close all the holes in access control if we decide to.
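The paragraph above names three signals that can tell a legitimate CEO login from a stolen-password login: geolocation, context (such as travel that is physically impossible), and approved hardware. The following is an added illustration, not code from this blog, of how those signals combine into a per-login decision that is also logged so the account is actually monitored. Every user, device, coordinate and timestamp below is constructed, and the 900 km/h plausible-travel ceiling and the allow/step-up/deny rules are assumptions for the example.

```python
"""Context-aware login checks: approved device, usual country, impossible travel.

Added example (not from the blog). Evaluates a login against what is known
about the account and returns one of: allow, step-up (require MFA), deny.
All data is constructed; thresholds are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Set, Tuple

MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner speed


@dataclass
class LoginAttempt:
    user: str
    device_id: str      # fingerprint of the hardware presenting the login
    country: str
    lat: float
    lon: float
    when: datetime


@dataclass
class UserProfile:
    approved_devices: Set[str]
    usual_countries: Set[str]
    last_seen: Optional[LoginAttempt] = None  # last *allowed* login


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def evaluate_login(attempt: LoginAttempt, profile: UserProfile) -> Tuple[str, List[str]]:
    """Return (decision, reasons). Reasons are the context checks that failed."""
    reasons: List[str] = []
    if attempt.device_id not in profile.approved_devices:
        reasons.append("unapproved-device")
    if attempt.country not in profile.usual_countries:
        reasons.append("unusual-country")
    prev = profile.last_seen
    if prev is not None:
        km = haversine_km(prev.lat, prev.lon, attempt.lat, attempt.lon)
        hours = (attempt.when - prev.when).total_seconds() / 3600.0
        # Guard against zero or negative elapsed time (clock skew) before dividing.
        speed_kmh = km / max(hours, 1.0 / 3600.0)
        if speed_kmh > MAX_PLAUSIBLE_KMH:
            reasons.append("impossible-travel")
    # Policy (assumption): physically impossible travel, or an unknown device from
    # an unusual country, is denied outright; any single anomaly needs step-up MFA.
    if "impossible-travel" in reasons or {"unapproved-device", "unusual-country"} <= set(reasons):
        return "deny", reasons
    if reasons:
        return "step-up", reasons
    return "allow", reasons


def run_monitor(profile: UserProfile, attempts: List[LoginAttempt]) -> List[Tuple[str, str, List[str]]]:
    """Process attempts in order, emit a log entry per decision, advance last_seen on allow."""
    log = []
    for attempt in attempts:
        decision, reasons = evaluate_login(attempt, profile)
        if decision == "allow":
            profile.last_seen = attempt
        log.append((attempt.user, decision, reasons))
        print(f"{attempt.when.isoformat()} user={attempt.user} device={attempt.device_id} "
              f"country={attempt.country} decision={decision} reasons={','.join(reasons) or '-'}")
    return log


def make_profile() -> UserProfile:
    """Constructed profile: CEO normally logs in from one laptop in the US (New York)."""
    baseline = LoginAttempt("ceo", "ceo-laptop", "US", 40.7128, -74.0060,
                            datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc))
    return UserProfile(approved_devices={"ceo-laptop"}, usual_countries={"US"}, last_seen=baseline)


# Constructed login stream: a normal login, then a login from the approved laptop's
# stolen password on different hardware abroad 30 minutes later, then an unknown
# device in the US two hours later.
ATTEMPTS = [
    LoginAttempt("ceo", "ceo-laptop", "US", 40.7128, -74.0060,
                 datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)),
    LoginAttempt("ceo", "unknown-desktop", "XX", 44.4268, 26.1025,
                 datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)),
    LoginAttempt("ceo", "unknown-tablet", "US", 41.8781, -87.6298,
                 datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    run_monitor(make_profile(), ATTEMPTS)
```

Two points matter for the blog’s argument. First, the decision is never made on the password alone: the device, the country and the elapsed-time-versus-distance check each have to agree before a plain allow. Second, `run_monitor` writes a line for every attempt, including the allowed ones, which is the "monitor accounts for problems" half of the problem the post describes; a stolen password used from the wrong hardware shows up in that log the first time it is tried.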

Continue reading

A Plea For Sanity

Hi and welcome to my new blog. If you’re reading this shortly after it was posted, then this site probably does not look like much. It will need a few days to spruce up with some better content and formatting.

But there is an important reason for creating this site: the world seems to have completely lost its mind when it comes to cybersecurity and risk management in general. We never used to have the kinds of losses due to systems being hacked that we have now. In the age of ransomware and rampant fraud, we are seeing one hospital after another, one school, one municipality after another being hit by vicious international terrorists.

Somehow we have normalized this. If it were 1999 and a hospital were shut down by savage criminals, looking to collect extortion money and willing to hurt anyone and divulge data, we would be shocked and appalled, as well we should. We would have had FEMA and the National Guard setting up temporary medical facilities. There would have been a massive response. Arguably, it should never have been dismissed as a minor thing, and just an inevitable thing.

Yet, over the past year almost nobody has noticed that the hospitals in Brooklyn were all closed for over a month, that half the hospitals in Connecticut have been disrupted. Municipalities and emergency services are being disrupted left and right. The amount of money collected by these gangs of thugs has made them unstoppable.

But what is so insane about this? Isn’t it just inevitable that with such smart hackers out there, we’d have no way to defend ourselves?

Continue reading