The same old problems nag cybersecurity professionals – Cybersecurity Dive

Technical complexities abound as the perceived level of risk rises in an unrelenting fashion.
Cybersecurity professionals are battling the same old problems as systems get more complex, further complicating security, a group of executives said last week on a concluding panel at Black Hat USA in Las Vegas.
Deep-rooted problems show no signs of letting up and it’s hard to imagine levels of complexity reaching a peak, said Chris Eng, chief research officer at Veracode.
This widely held view that things are going to get worse before they get better, if at all, pops up frequently, backed by recent experiences and hard data. 
Phishing attacks recently targeted employees at Cisco, Cloudflare and Twilio, the latter of which spread fallout to at least 125 downstream customers. And the unrelenting pace of vulnerability discoveries and patches has become a chronic dilemma for cybersecurity professionals.
Software vulnerabilities accounted for nearly half of all cases of initial access used by threat actors to deploy ransomware during the last year, according to Palo Alto Networks’ Unit 42.
While changes in front-end frameworks or programming languages can reduce the frequency of common mistakes, the development of new languages and frameworks is creating entirely new ecosystems and additional complexity as a result, Eng said.
Some of these challenges are manifesting in different ways as they apply to new technology, but the cybersecurity community needs to be quicker at adapting the lessons it’s already learned collectively, he said.
“We already know about basic secure coding issues. We know what things to do in large part, and they’re just not getting done,” Eng said. “So, good job security.”
That discouragement met bits of sarcasm as he and other panelists held court with beers in hand to mark the event’s conclusion.
Misguided focus among cybersecurity professionals is partly to blame, the experts said.
The industry is so focused on endpoints that it’s missing actual problems and neglecting the need to address the motivations of attackers, according to Matt Suiche, director of memory and incident response research and development at Magnet Forensics.
Despite all of these problems, and there are many, Natalie Silvanovich, security researcher at Google, remains optimistic.
Much of the complexity in systems is unnecessary, and she’s confident people will eventually acknowledge the impact this has on security and make proper adjustments. 
Silvanovich said she’s inspired and emphasized the need for a positive perspective. “I think everyone should keep at it,” she said. “I think one day we are going to solve these problems or at least make a lot of headway.”