Compromise is not a secure option

June 2017 News & Events

The past couple of months have been interesting for those in the security industry, especially cybersecurity. With thousands of computers hit by ransomware across the globe, we’ve all had a glimpse of the future: nothing and no-one is safe, and more importantly, you can’t trust those you think you should be able to trust.

The guilty parties in most of these cases were not the criminals themselves, although attacking hospitals is the kind of thing one only expects from the lowest of the low, but the government agencies who kept the software vulnerabilities that were exploited to themselves. It seems like a good idea if your goal is to make everyone in the world subject to your hacking proclivities, but it also shows an extremely immature approach to security.

That may seem like a bold statement, but I don’t think anyone with a real security mindset could believe that they would be the only ones to discover a way in, whether it’s into an operating system or a secure building. There is always some smart person somewhere who can do whatever it is you can do. So hiding vulnerabilities, in my opinion, is stupid.

It’s also very 18th century to take a huge risk in the belief that everyone will keep a secret, especially in a world where names like Assange, Manning and Snowden are held in high respect for exposing abuses of authority, even to their personal risk. As changes in the world show a diversion from the ideals of democracy and liberty that were once held aloft as the ultimate goals for every nation, more people are going to become disillusioned, look for a way to work against ‘the man’, which will result in more leaks and people doing things they think are right, even if they are against the rules.

Keeping vulnerabilities secret in this environment is unconscionable. That’s not to say they should be publicised as soon as they are discovered, but they need to be brought to the attention of those they put at risk and solutions need to be put in place as quickly as possible.

This applies to physical security as well as the virtual world where we already see companies forcing more secure practices from users (except the cheap-and-nasty brands which exist because they cut corners). Whether it is simply forcing users to change default passwords, securing backdoors and hard-coded access routes, or whatever the latest security issue is, each step towards hardening your setup is the right one to take for the vendor, customer, end user and integrator.

End users can no longer afford the luxury of waiting until it’s convenient to ensure their security is up to date, vendors can no longer take the risk of ‘saving’ security upgrades in the hope of selling it as a feature in a new version, and authorities can simply not play childish games and put everyone at risk by hoarding vulnerabilities.

As we have found out and will yet more painfully learn over the next year or two, compromising and kowtowing to criminal and anti-democratic agendas only benefits the criminals.

Andrew Seldon

Editor



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Strong industry ties set Securex South Africa apart
News & Events Training & Education
Securex South Africa, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, is a meeting place of minds, where leading security, safety, fire, and facilities professionals come together, backed by strong ties with the industry’s most influential bodies.

Read more...
Connected commercial drone market to reach US$37.3 billion
News & Events Commercial (Industry) IoT & Automation
The global market for connected commercial drones is forecast to grow from US$18.6 billion in 2024 at a compound annual growth rate (CAGR) of 15% to reach US$37.3 billion in 2029

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...
Fully-integrated browser AI
News & Events
Opera Mini now provides all its smartphone users with its own free built-in browser AI, Aria, including AI chat, Ask Aria and image generation. According to an Opera survey, 80% of South Africans want AI tools integrated into their browser.

Read more...
Amendments to the Private Security Industry Regulations
Technews Publishing Agriculture (Industry) News & Events Associations
SANSEA, SASA, National Security Forum, CEO, TAPSOSA, and LASA oppose recently published Amendments to the Private Security Industry Regulations regarding firearms.

Read more...
Local innovation driving excellence in FM
Securex South Africa News & Events
As organisations seek cost-effective, sustainable, and high-quality solutions, home-grown facilities management innovation is proving to be a critical driver of operational efficiency and long-term success.

Read more...
Local is a lekker challenge
Secutel Technologies Technews Publishing AI & Data Analytics
There are a number of companies focused on producing solutions locally, primarily in the software arena, but we still have hardware producers churning out products, many doing business locally and internationally.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
PIV-ready High Sec Controller 7000
News & Events
Gallagher Security announced the release of the latest addition to its controller product range; the High Sec Controller 7000, which incorporates all the core functions of the C7000 Standard variant released less than 18 months ago.

Read more...