|
Security still underfunded |
|
|
|
Source: SecurityFocus - Posted by Pax Dickinson
|
Companies and governments secure their networks because they have massive financial resources, intellectual property and assets that need protection. Security for most companies, particularly the Fortune 100, does not exist in a vacuum -- most do something other than make hardware or software for their customers. Spending on security is up dramatically over where it was five years ago, but it's still much lower than it needs to be. Why? Because we're losing the battle.
I have always enjoyed the analogy of the guy who owns an expensive car like a Porsche, yet keeps it secure in a garage with a door lock that's barely worth $100. If the threat of the lock being broken so the car gets towed away in the middle of the night is high enough, how much should he spend on a lock? A thousand dollars? Ten thousand?
With so much money pouring into the security industry, I think the major players need to focus much more on hiring brainpower, and pay people who are in the know some exorbitant sums of money to think of new ways of doing things. The reason? If an unemployed security researcher already has the ability to gain the keys to your kingdom anyway, it's little more than his ethics and morals that keep him or her from going through the door illegally, and slipping inside.
Michael Lynn quit his job and risked two personal lawsuits, one from his former employer and one from Cisco, because he believed what he discovered was that important. And it is. He seemed to believe there was no choice in the matter; what he discovered had to be made public. What is the value of this discovery to Cisco, a highly respected company with oodles of cash, a near monopoly in the Internet's core infrastructure, and a market cap of $125 Billion?
Read this full article at SecurityFocus
Powered by AkoComment! |
