Shameless opportunism – Canadian Government Executive

May 30, 2017

Shameless opportunism

In the wake of the WannaCry outbreak, corporate executives, IT professionals, and journalists have been bombarded by cybersecurity product vendors. The message, “if only you had bought our product you would have been protected,” smacks of shameless opportunism.

Outside the cybersecurity realm, sales and marketing professionals display significantly more tact. Following serious highway pileups, automobile manufacturers do not announce that people would have fared better in new safer cars. In the aftermath of terrorist attacks, defence vendors do not launch advertising campaigns to proclaim that their products could have saved lives. Yet when businesses, including hospitals, are crippled by malware, cybersecurity product vendors rush to their megaphones.

The inconvenient truth many vendors choose to ignore is that plenty of WannaCry victims had anti-malware software installed. Sixteen UK hospitals were impacted. It is inconceivable that none of them had anti-virus software. Using outdated Windows XP certainly did not help, but organizations running supported Windows operating systems with mainstream, centrally managed, up-to-date endpoint protection suites regularly fall victim to ransomware infections.

Due diligence, best practices, and compliance requirements effectively mandate enterprise-wide anti-malware deployments. In all but the smallest of companies, a centralized console is the only manageable way to monitor endpoint protection status. CISOs face a dilemma: failing to deploy endpoint protection is negligent, yet many popular products are proving ineffective against rapidly evolving malware threats. Many anti-virus deployments provide more business value by placing checkmarks on compliance checklists than by actually stopping malware infections.

Despite vendor claims of advanced heuristics and cloud-based intelligence, most antivirus products remain primarily signature-based, rendering them effective against legacy nuisance infections, but incapable of stopping more dangerous advanced malware threats. Constant signature updates are a hassle for customers, but provide a recurring revenue stream to the companies that supply them.

Expensive dynamic analysis systems often fail to live up to their marketing claims; they remain too easy for malware to evade, and detecting malware after it has already passed into the organization is claimed as a success. Malware capable of autonomous lateral attack movement, such as WannaCry, highlights how little security value many products actually provide.

A key challenge in cybersecurity is poor information sharing. Few, if any, victimized organizations are willing to discuss the defences they had in place when a security event occurred. If this information were to become public, it could assist future attackers, and it has the potential to adversely impact the organization’s image.

A carefully implemented global security event clearinghouse could collect information and report on the efficacy of various controls and products. But governments have demonstrated that they cannot be trusted with sensitive corporate security information, corporate IT budgets are too thin to support such an initiative, and security product developers have no incentive to participate. In the absence of scrutiny, security software vendors are free to make unsubstantiated claims, protected by software licence agreements that shield them from any liability.

Some cybersecurity vendors, primarily startups, are rising to the challenge with innovative solutions. Malware detection based on machine learning is poised to displace signature-based products. Execution control that leverages policy-based whitelisting shows promise, but developers must make these products much easier to deploy and manage.

These new solutions will take some time to gain acceptance, but they are the future of endpoint protection. They also threaten the large install base of traditional signature-based antivirus products, and at least one major vendor has responded with borderline predatory pricing practices to retain market share.

It is only fair to recognize some good behaviour during the WannaCry outbreak. While the exploit was apparently stolen from the NSA, the agency did warn Microsoft, who in turn issued a patch for supported systems a month before the outbreak. When it became clear that unsupported Windows XP systems were being infected and crippling businesses, Microsoft, under no obligation to do so, quickly released a patch. One security researcher, who could have easily sold his findings to a single anti-malware vendor, halted the attack for several days, clearly acting for the greater good.

But overall, the industry’s response to WannaCry is an affront to both the profession and to businesses struggling to protect themselves from this criminal malware assault. The cybersecurity industry must do better.

 

About this author

Eric Jacksch

Eric Jacksch is a leading cybersecurity analyst with over 20 years of practical security experience. He has consulted to some of the world's largest banks, governments, automakers, insurance companies and postal organizations. Eric is a regular columnist for IT in Canada, was a regular columnist for Monitor Magazine, and has contributed to several other publications.
