Webinar test 25 Oct
- October 25 @ 9:00 am (CEST)
The Guardian reported yesterday on a new legal threat for firms in the United Kingdom: huge fines for cyber security failures. Why would the government decide to add insult to injury? The goal is to force companies to get their act together.
We reported earlier on the rise of ransomware and noted just yesterday in our announcement of a ransomware protection app the massive costs to business these attacks can have. These attacks have also hit the National Health Service, causing significant disruption to public services. The UK government is now looking for ways to increase pressure on companies to implement preventive measures and improve processes of dealing with cyber attacks.
While bugs in code and their consequences are to some degree inevitable, there is a lot organizations can do to prevent their infrastructure from attacks and to react adequately once a breach has taken place. The goal of the new penalties is thus not to punish those who, despite all effort, get hacked. Rather, it is to increase the cost for those who decided not to invest in prevention and protection.
If, thus, a major cyber attack results in disruption to services such as transport, health or electricity, an investigation is started. If it is concluded that the victim of the cyber attack had failed to take measures to prevent or deal with security failures, a fine of up to 4% of yearly turnover can be given.
This is merely another reminder of the growing threats businesses face. Picking the right technologies to depend on is the first and perhaps most important step in protecting your infrastructure.
Sadly, vendors are often hostile to security researchers reporting vulnerabilities. Many invest little beyond what gets them marketing attention.
Here are a few factors to consider to avoid such vendors:
And a last point: encryption is great. Modern encryption cyphers are rarely broken. Instead, crypto is bypassed! Amazon’s Kindle and Samsung Galaxy protections were bypassed by replacing the key or remove the signature checking code. Bad development practices and a lack of security reviews isn’t fixed with encryption!
I love crypto, it tells me what part of the system not to bother attacking
— Drew Gross, forensic scientist