Sunday, December 5, 2021

Pointing the blame for data breaches

With the leap this year in the number of data breaches there’s enough finger pointing going around to make IT professionals stay in bed forever.

The latest comes from JohnMcCormack, CEO of Websense, a maker of gateways and data security solutions, who blamed employers for the lack of skilled people in data centres.

Security teams are “not keeping up well.” he complained in an interview Tuesday because of a skills shortage, lack of spending on IT security and a failure by vendors to deliver simpler security systems.

“Either we don’t have the technology to defend our selves, we don’t have the buieness behind us to defend ourselves, or we don’t have the competencies. I’m quite sure we have most of the technology to stop many of these problems, many business are spending more than ever on cyber security — although some are clearly making decisions to not spend enough — but most of the issues in my mind boil down to lack competency.

“In the industry we need to deliver simpler systems that just work and don’t require a level of sophistication by the customer that quite frankly isn’t there as we bring more junior people into this industry.”

“Vendors have to continue to simplify their systems. What is it about the Target environment they have so many false positives they bcan’t believe their tools any more?” he asked  “What is it about Neiman Marcus that they have so many malware alerts they can’t even see then although they have everything else in place.”

“I’m convinced the amount of competency you need continues to go up, it’s putting pressure on the number of people in the industry, you’re reacting to that because you can’t have holes on your team, organizations are reacting to this by bringing in less skilled people, and yet we’ve got an assumption that the people doing this work have the same level of (IT security) skill as the previous generation had and that’s not a valid assumption.

“We need to drive more actionable intelligence into the hands of these junior people.”

On the recent discovery of the GNU Bash vulnerability (dubbed Sherlock) in Linux, his advice is to patch frequently, look to your security providers for mitigating tools, and assume the sophisticated cyber criminals have known about it so if any system shows a known vulnerability do a forensic analysis.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News