What’s a little fact or two?

May 2018 News & Events

In the last issue of Hi-Tech Security Solutions we carried an article that reported on a security vulnerability in Hanwha Techwin cameras. As it turns out, the report was correct, but it wasn’t all that correct. By this I mean that although there definitely was a vulnerability, the specifics of how and which users could be impacted were not clear.

As it turns out, the problems were with the consumer versions of the camera and not the professional range. This makes a huge difference to those who may be using those particular cameras, especially these days when a security breach could have a significant impact.

Of course, it’s embarrassing that Hi-Tech Security Solutions only provided some of the story and we apologise for that, but it also raises an interesting issue. There is a trend nowadays to lament the lack of cybersecurity skills in the market, with some figures claiming there are more than a million positions unfilled in the world. Personally, I tend to scoff at these big numbers as there are in fact lots of skills out there, but companies either don’t want to pay for the top skills because supply-and-demand laws are only good when they work in your favour, or they don’t want to have the burden of training people who may not have the experience they require.

Perhaps that’s a bit cynical, but the fact is that when it comes to cybersecurity it’s easy to miss some important facts because too many people don’t know enough about the topic to understand and clearly communicate the issues. And those that do understand may not be very good at putting their knowledge into words that non-technical people can understand.

When someone discovers a security issue, they obviously should notify the manufacturer and provide their data to show the vulnerability at work. The manufacturer should then make haste to resolve the issue. But when does the news get sent out to the rest of the world? We need to know if there are security issues and resolutions for any products we use, but we need to be accurately informed without marketing hype. More specifically, we (users) don’t always need to know the exact technical details of the issue, but rather that there is a fix and how to apply it.

But what about companies that don’t attend to security breach notifications from researchers? How long should they have to resolve an issue before they are exposed for their poor understanding and perhaps even contempt for customers’ security?

And who do they tell? Intel apparently told its Chinese manufacturers about security holes in its processors before it informed the US government (https://www.wsj.com/articles/intel-warned-chinese-companies-of-chip-flaws-before-u-s-government-1517157430).

Perhaps security vulnerabilities need to be dealt with via a documented, consistent process as do so many other issues in the security world (and everywhere for that matter). And perhaps the world needs some serious investment in real risk-based cybersecurity training instead of the endless quick-fix courses that provide a certificate of attendance instead of a certificate of actually learning something.

Andrew Seldon

Editor



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From the Editor's desk: Apathy is a cybercriminal
Technews Publishing News & Events
      Welcome to SMART Security Solutions’ first print publication of the year, the SMART Access & Identity Handbook 2025. This year’s print issue is smaller than usual, so we include some articles in the ...

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...
Managing identities for 20 years
Ideco Biometrics Technews Publishing SMART Security Solutions Access Control & Identity Management Integrated Solutions IoT & Automation
Many companies are now more aware of the risks associated with unauthorised access to locations and sensitive data and are investing in advanced identity authentication technologies to mitigate these threats.

Read more...
Balancing security and ease-of-use
Technews Publishing SMART Security Solutions Access Control & Identity Management Security Services & Risk Management
Fraud incidents have financial repercussions and erode consumer trust, leading businesses to become more aware, though this awareness does not necessarily translate into confidence in their identity authentication processes.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
Integration and IoT made easy
Technews Publishing SMART Security Solutions Access Control & Identity Management
The security industry is built on silos, be it surveillance, access control, alarms and others, but integration has become a critical issue in recent years. SMART Security Solutions speaks to Integr8 Systems about its local hardware and software.

Read more...
Mobile credentials taking off
Technews Publishing SMART Security Solutions Paxton Secutel Technologies Access Control & Identity Management
Mobile smartphone access is becoming more common, with use cases ranging from Bluetooth, NFC (Near-Field Communication), or QR codes to manage secure access to commercial and personal locations.

Read more...
SMARTpod talks to Armata’s Richard Frost
Technews Publishing SMART Security Solutions Videos
SMARTpod, the podcast by SMART Security Solutions, recently spoke to Richard Frost from Armata about the company's new 'all-in-one' cybersecurity bundle designed to relieve cyber stress in the SMB market.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...