Posts Tagged ‘compliance’
September 16th, 2011
Intel’s admission this week that it was not secure and safe from cyberattacks – and that it was “inevitable” that its network defences would be breached makes me want to weep.
The world’s premier computer chip brand and much more, says that it cannot defend itself against the well-organised criminal gangs (soon to be companies) that make a living from stealing data that gives them an immediate financial benefit, and access to the ideas that any organisation considers its lifeblood.
So, are we busted?
I think we are. Intel bought the security technology firm McAfee (for $7.7billion) a year ago. A year is not long and the challenges of integration are fully accepted. But for the biggest chip maker in the world to admit now it has no full answer to network defence is truly shocking.
But wait… two days ago, McAfee/Intel announced a development in security. DeepSAFE makes bold claims of newness and next-generation solutions.
It’s partially formed and we are asked to wait for further news. Meanwhile, the company whose rainbow coat is being not-too-gently tugged at, Wave Systems, has been there, done that and is the global leader in device-hardware based security solutions.
It helped to write the book that defines new industry standards through the Trusted Computing Group. It has spent millions of research dollars and has assembled an extraordinary team over the past 10 years that has delivered the proven, trusted next-generation solution to network security and true compliance.
Wave Systems (full disclosure, no apologies – a new and very valued client) – has been a key part of an open development in the security sphere for years. Given that the means to deliver robust, unbeatable network security and compliance have been freely available since before hacking became a multi-million dollar business, outstripping that of the illegal drugs economy, I’d just ask – “Where were you, Intel/McAfee and the rest? Why did you not move to protect us before now?”
We may learn more from Intel/McAfee over the next quarter and maybe it will present a robust next-generation security solution. But that’s a big ask. From where I’m sitting, the network security terrain globally is still totally blasted.
That’s because the terrain itself is quicksand. It never has been secure and, if we keep going with current network security “strategies”, we’ll all be sucked down.
The sign at the border of this terrain now should be signalling that we are all not safe and everything we have believed about the essential safety of network engagement, when we take the prescribed precautions, is just bull.
It’s not just Intel. Norton (Symantec) said this week that 1 million people globally were victims of cybercrime every day and its research also gives a taste of the extent of commercial crime.
For sure, the Norton research is aimed at the businesses and groups and individuals who have few or no online defences. But the point I took from the research is that strong commercial organisations with strong defences have been breached, at a painful financial cost.
Why is data breach inevitable? According to Perry Olson, Intel’s senior director for strategic response and global activities at Intel, new attack methods, such as slow-burning advanced persistent threat (APT) targeting or the orchestration of network penetration by distributed, large-scale botnets, means the company cannot stop data leaking from its organisation, according to
He told ZDNet: “[Network] compromise is inevitable, data loss is inevitable, what do we do? The threat vectors we’ve seen have changed drastically.”
What do we do? That’s a good question. Maybe we’re looking in the wrong direction, Maybe software security is not the way forward. Maybe we got it wrong.
We need to get it right. Or this networked, global economy is well and truly busted.