SoylentNews is people
SoylentNews
Society is operating under the illusion that governments and corporations are taking rational choices about computer security, but the fact of the matter is that we're drowning under a sea of false positive, bad management, and a false belief in the power of technology to save us.
"The government is very reactive," said Jason Truppi, director of endpoint detection and response at security firm Tanium and a former FBI investigator. "Over time we've learned it wasn't working - just being reactive, not proactive."
Truppi said we need to puncture the belief that government and industry are working together to solve online threats. In reality, he says, the commercial sector and government are working to very different agendas and the result is a hopeless mishmash of confusing loyalties.
On threat intelligence sharing, for example, the government encourages business to share news of vulnerabilities. But the subsequent investigations can be wide-ranging and lead to business' people being charged for unrelated matters. A result companies are increasingly unwilling to share data if it exposes them to wider risks.
The fact of the matter is that companies don't get their own infosec problems and don't care that much. Truppi, who has now moved to the commercial sector, said that companies are still trying to hire good network security people, but bog them down in useless false alerts and management panics.
-- submitted from IRC
(Score: 2, Disagree) by Runaway1956 on Wednesday February 15 2017, @03:28PM
"industry is doing the best it can to secure their systems."
I disagree. Take a look at the banking industry. They do little to nothing to actually secure their money, or even their facility. I've not seen an armed guard in a bank for at least two decades. The last time I can distinctly remember seeing an armed guard in a bank, was 1986 - and I remember him distinctly because I was wearing a gun on my hip. (Forgot I even had the damned thing, walked into the bank, took care of business, and when I turned to leave the counter, the grip hit the oak making a "thunk" noise. I looked down at the gun, and looked up into the eyes of the guard, who smiled and told me to have a nice day.)
Instead, banks rely on video. Rather, they rely on government making use of the video to solve the crime, and to recover any lost funds. The banks are using our tax-dollar funded government to take care of the security for which the banks should be responsible.
Every time you hear or read about another computer crime law, you are reading about the same thing. Just like banks, all other industries expect government to take care of solving crimes. Why should industry bother to prevent crimes, when government is so *cough* competent at SOLVING crimes? Let Uncle Sam shoulder the costs of doing business, and let the insurance companies make up whatever losses.
It COSTS to engineer and build in security. It costs nothing to expect Big Brother to take care of you when your systems fail real world pentesting performed free of charge by wonderful systems analysts around the world.