Compromise is not a secure option

June 2017 News

The past couple of months have been interesting for those in the security industry, especially cybersecurity. With thousands of computers hit by ransomware across the globe, we’ve all had a glimpse of the future: nothing and no-one is safe, and more importantly, you can’t trust those you think you should be able to trust.

The guilty parties in most of these cases were not the criminals themselves, although attacking hospitals is the kind of thing one only expects from the lowest of the low, but the government agencies who kept the software vulnerabilities that were exploited to themselves. It seems like a good idea if your goal is to make everyone in the world subject to your hacking proclivities, but it also shows an extremely immature approach to security.

That may seem like a bold statement, but I don’t think anyone with a real security mindset could believe that they would be the only ones to discover a way in, whether it’s into an operating system or a secure building. There is always some smart person somewhere who can do whatever it is you can do. So hiding vulnerabilities, in my opinion, is stupid.

It’s also very 18th century to take a huge risk in the belief that everyone will keep a secret, especially in a world where names like Assange, Manning and Snowden are held in high respect for exposing abuses of authority, even at personal risk. As changes in the world show a diversion from the ideals of democracy and liberty that were once held aloft as the ultimate goals for every nation, more people are going to become disillusioned and look for a way to work against ‘the man’, which will result in more leaks and people doing things they think are right, even if they are against the rules.

Keeping vulnerabilities secret in this environment is unconscionable. That’s not to say they should be publicised as soon as they are discovered, but they need to be brought to the attention of those they put at risk and solutions need to be put in place as quickly as possible.

This applies to physical security as well as the virtual world, where we already see companies forcing more secure practices on users (except the cheap-and-nasty brands which exist because they cut corners). Whether it is simply forcing users to change default passwords, securing backdoors and hard-coded access routes, or whatever the latest security issue is, each step towards hardening your setup is the right one to take for the vendor, customer, end user and integrator.

End users can no longer afford the luxury of waiting until it’s convenient to ensure their security is up to date, vendors can no longer take the risk of ‘saving’ security upgrades in the hope of selling them as a feature in a new version, and authorities simply cannot play childish games and put everyone at risk by hoarding vulnerabilities.

As we have found out and will yet more painfully learn over the next year or two, compromising and kowtowing to criminal and anti-democratic agendas only benefits the criminals.

Andrew Seldon


