If you watched Zuck testify in Congress in early April 2018, you could feel the nation’s mindset around security and data privacy shifting in a positive direction. People outside the security community learned that even when they think they’re protecting their data, they’re not. They might be asking themselves: what can I do to protect my data online? Delete my Facebook? Throw my cell phone into the abyss? Close my bank account? Then you realize we’d be lost without these lifelines.
The joke is on us: 60% of Facebook users didn’t even know how the site made money. We’re the target; our clicks make money. What is scary is that as the world becomes more digital (virtual?), and as software gets more complex and cheaper, we’ll be seeing more and more breaches.
Let’s face it, it is virtually impossible to write impenetrable software. We see this in the number of updates released on Tuesdays. Patching is how software becomes more secure. For example, when an iOS vulnerability is found, the engineers at Apple work overtime to fix it. How long will that be sustainable? Is it even sustainable now? Not every organization has the bandwidth that the Apples, Facebooks, and Googles of the world have to find and fix their vulnerabilities, and oftentimes vulnerabilities are identified by hackers before the software developers know the vulnerabilities exist. Even once developers release a patch, that patch may not get installed by users in a timely fashion.
In 2017, 71% of data breaches were caused by unpatched vulnerabilities, according to the Verizon Data Breach Investigations Report. In some cases, the vulnerability exploited had a patch available for a decade! Our society is so far removed from the risk that our views and policies on security pose. It’s 2018: everything is interconnected, and with interconnection and complexity, we lose security. The device in my pocket isn’t a cell phone, it’s a computer with vulnerabilities.
In light of the ever-growing threat landscape, we must thank Facebook for gaining the nation’s attention. It shouldn’t have to come to a disaster that includes the loss of life before action is taken. I was at a great cybersecurity symposium the other day about IoT devices (71% of which have vulnerabilities) and one of the speakers brought up a scenario that went a little something like this: “Imagine if your electric toothbrush gets hacked, which sends malware to your smart refrigerator, which then sends malware to your smart car... you’re going 80mph on the highway and your brakes go...” These threats are only a few years away, people.
What is more frightening is that once the Federal government is the governing body on cybersecurity regulations, who will be enforcing the regulations? We’ll still need robust teams to find vulnerabilities, apply patches, and monitor the network 24/7 for security events. There is a shortage of 2.2 million cybersecurity professionals to date, and this gap will continue to grow.
Again, thank you, Facebook. Thank you, Mark Zuckerberg, for your testimony and for raising awareness. Also, thanks for allowing my aunts and uncles to fill my news feed with the cheesiest content and sending Candy Crush Life requests 20x a day.
All joking aside, this event should remind us all that we are all a target in this cyberwar. We will continue to trend in the right direction and fight for stronger policies around security; until then, we must do our best to combat these attacks and remain vigilant.
As organizations continue to struggle to keep up with vulnerabilities, patches and monitoring the network 24/7 for suspicious activities, rest assured that there are organizations like Cygilant that are here to help. Give us a call.