Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    The Sky Isn’t Falling in IT Security, as Some Might Suggest

    By
    Sean Michael Kerner
    -
    September 5, 2015
    Share
    Facebook
    Twitter
    Linkedin
      security risks

      Reporting on cyber-security can be a somewhat depressing endeavor—given the seemingly endless onslaught of exploits, breaches and statistics that preach doom and gloom on a daily basis. The truth, however, is that modern cyber-security is not all darkness.

      Many have long heard the adage in journalism that “if it bleeds, it leads,” and all you have to do is watch the nightly news to see that’s true in 2015. In information security, the same is true; the big breaches, the zero-day exploits, the large statistics that claim high levels of security weakness often crest at the top of the major news aggregators and social media, as well.

      My own inbox is assaulted on a regular basis with all manner of security claims, each one more outlandish than the next. Often, those claims are based on statistically insignificant surveys or vulnerabilities that, quite simply, are not exploitable.

      That doesn’t mean that there aren’t vulnerabilities that are hyped and are actually exploitable. Case in point is the 2014 Heartbleed vulnerability, which eWEEK first covered before it was branded as Heartbleed and known as an OpenSSL Heartbeat flaw. In that case, an attacker was able to quickly make use of the flaw in Canada and was also promptly arrested.

      Although there are certainly challenges in technology security today, the reality is that 2015 is much more secure than, say 1999. Back then, when the Melissa virus hit, many IT system administrators (myself included) were clueless and just didn’t know what to do. In my own case, I pulled the Ethernet plug from the main Internet router in the server closet, as I had no other tools to stop the flood.

      Today, it’s a very different world. While information security is far from being a solved problem, there are, however, solutions in place for many problems. Operating system vendors have improved technologies, and security vendors have made billions from selling products that aim to protect organizations and their users. Perhaps more importantly, though, is that in 2015, there is a really solid understanding in the security research community of how exploits work and how to prevent them.

      A few new classes of vulnerabilities in software have been reported in recent years, but what seems to be the case is that there are a number of persistent types of vulnerabilities that continue to reoccur. One such class of vulnerability is SQL injection, which enables a criminal to attack a database and potentially breach an organization’s information. In the case of SQL injection, there are known defenses and best practices, which often boil down to making sure that all inputs are validated.

      In the case of use-after-free (UAF) memory errors, which seem to continue to be common in Web browsers and in Web plug-in software like Adobe Flash, there is also a light at the end of the tunnel. Hewlett-Packard has done a lot of research to help prevent UAF errors, and that will improve security.

      There are many other areas for security optimism, where once-pervasive threats have become non-issues. One such example is Oracle’s Java, which in 2014 was the scourge of information security, representing 91 percent of attacks. In 2015, Java’s story is very different, with almost no zero-day exploits and a much stronger security posture.

      If security technologies are improving, why then are organizations still being exploited?

      The answer to that has much to do with patching and configuration. While zero-day exploits do occur, exploit kits typically only target known exploits and are effective against unpatched systems. There is reason for optimism on that front, too.

      The Sky Isn’t Falling in IT Security, as Some Might Suggest

      There are an increasing number of technologies with auto-updating and patching built in, including the popular WordPress content management system, which has been providing users with automatic updates since late 2013.

      Many high-profile attacks also tend to involve some form of password theft and/or privilege escalation, both of which are attack types that are now also well-understood. With passwords, many modern Web applications and systems now support two-factor authentication systems, which provide an additional layer of protection. When it comes to privilege escalation attacks, user-behavior-based platforms and technologies are now entering the market, including Microsoft’s Advanced Threat Analytics.

      Often, many security statistics reports will lead with claims that some number of users or organizations are at risk from something, and that can sometimes be news. However, what isn’t news is when organizations aren’t hacked and exploited. That’s the theme of a really thoughtful new IBM security video that attempts to make light of the fact that not being hacked can be news, too.

      For the first time, there are now also the beginnings of guarantees in security, which is something that hasn’t existed before, either. WhiteHat Security, for example, now offers its customers a refund if they are hacked. WhiteHat founder Jeremiah Grossman wouldn’t be doing that unless he was confident that he wouldn’t have to give refunds to refund customers, as he knows that security can, in fact, be done properly and effectively.

      Organizations in 2015 are being breached, and vulnerabilities in software exist and continue to be found. Chicken Little’s proverbial “sky,” however, is not falling, and technology can, in fact, be used securely. While often technology seems to be stuck in a dark tunnel of insecurity, there is a light at the other end.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×