the blog

Cybersecurity Experts Weigh in on Why Cyber Threats Keep Happening

Cyber Threats

Ask the Experts

The question: Why Do Cyber Threats Keep Happening? Was posed to a panel that included Blue Team Alpha cyber experts Joe Kingland – CEO; Dan Wolfford – Deputy CISO; Peter Martinson – Director of Incident Response; and Sean Sullivan – Senior Incident Responder. Below is a summary of their responses based on their working experience and knowledge in the field of cybersecurity.

Why Do Cyber Threats Keep Happening?

Companies don’t do a good job of keeping their systems up to date.

As long as their technology is working for them in the way they want it to, companies don’t necessarily see the reason to upgrade it. (A main reason for upgrading is increased security.) By not upgrading, companies now have vulnerable applications in their networks—and they don’t even realize it.

Complexity of systems also creates vulnerability issues.

Every modern-day device is a full processor at the hardware level and is only limited by software. This means that when you buy something that is labeled as “smart”, it is fully capable of doing anything, but it’s functionality is limited by weak software. Cheaply made devices that have full processors are easy to compromise because most of those devices won’t get updated. Since most people don’t know about the complexity of their device hardware—or simply don’t care—vulnerabilities will remain exploitable forever.

How software and hardware have been—and still are—developed is a systemic issue.

Until very recently—and even still today—security engineers and experts take a back seat when hardware/software is developed. Instead of integrating security features into the products at the start, they are forced to manipulate existing data or add on to security that is already developed. There has been a recent shift within the last five years to include security professionals in the development process from the start so that security can be a foundation, instead of an add-on to create fewer vulnerabilities. This is called DevSecOps. Unfortunately, because we have been creating products like this for so long, there are a significant number of legacy products to replace. In addition, lots of this technology is built on top of previously developed technology that hasn’t been touched in 10+ years. To make matters worse, there are labor shortages for both programmers and security professionals, which is slowing this process down even more.

Lack of universal jurisdiction for the digital world.

There is no world jurisdiction for the Internet, like we have in the physical world where countries are protected by polices and militaries. Because of this, we try to use laws, regulations and policies that are meant for the physical world and apply them to the digital world. In doing so, we run into “protections” for attackers. For example, in the United States, it is a felony to use your computer to cause harm to another computer (foreign or domestic). This means that the private sector can’t “hack back” against bad actors because it is breaking US law. This ties our hands and makes us an easier target for nation-state or backed by nation-state hackers. Government is slow and can leave open holes for bad actors to abuse.

The bottom line.

While all of the above reasons contribute to a never-ending slew of cyber vulnerabilities and risks, the bottom line is that people and organizations get hacked so often because they fail to have even basic cyber hygiene like routine maintenance and known security procedures in order to maintain their defensive posture.

What are Some of the Best Measures Organizations Can Take to Mitigate Cyber Threats?

Train your people.

The most important step for organizations is to train your people. Continuous training and monitoring of a security awareness program is vital. People are the frontline of your security program and companies often forget that. People need to be trained at the level appropriate for the specific role they have. For example, an office employee on a computer from 9-5 will need different training than a manufacturing employee working on the production line.

Follow government recommendations.

The government’s Cybersecurity Infrastructure Security Agency (CISA) recommends four specific ways to improve cyber hygiene:

Related Posts