May 30, 2017

Shameless opportunism

In the wake of the WannaCry outbreak, corporate executives, IT professionals, and journalists have been bombarded by cybersecurity product vendors. The message, “if only you had bought our product you would have been protected,” smacks of shameless opportunism.

Outside the cybersecurity realm, sales and marketing professionals display significantly more tact. Following serious highway pileups, automobile manufacturers do not announce that people would have fared better in new safer cars. In the aftermath of terrorist attacks, defence vendors do not launch advertising campaigns to proclaim that their products could have saved lives. Yet when businesses, including hospitals, are crippled by malware, cybersecurity product vendors rush to their megaphones.

The inconvenient truth many vendors choose to ignore is that plenty of WannaCry victims had anti-malware software installed. Sixteen UK hospitals were impacted. It is inconceivable that none of them had anti-virus software. Using outdated Windows XP certainly did not help, but organizations running supported Windows operating systems with mainstream, centrally managed, up-to-date endpoint protection suites regularly fall victim to ransomware infections.

Due diligence, best practices, and compliance requirements effectively mandate enterprise-wide anti-malware deployments. In all but the smallest of companies, a centralized console is the only manageable way to monitor endpoint protection status. CISOs face a dilemma: failing to deploy endpoint protection is negligent, yet many popular products are proving ineffective against rapidly evolving malware threats. Many anti-virus deployments provide more business value by placing checkmarks on compliance checklists than by actually stopping malware infections.

Despite vendor claims of advanced heuristics and cloud-based intelligence, most antivirus products remain primarily signature-based, rendering them effective against legacy nuisance infections, but incapable of stopping more dangerous advanced malware threats. Constant signature updates are a hassle for customers, but provide a recurring revenue stream to the companies that supply them.

Expensive dynamic analysis systems often fail to live up to their marketing claims; they remain too easy for malware to evade, and detecting malware after it has already passed into the organization is claimed as a success. Malware capable of autonomous lateral attack movement, such as WannaCry, highlights how little security value many products actually provide.

A key challenge in cybersecurity is poor information sharing. Few, if any, victimized organizations are willing to discuss the defences they had in place when a security event occurred. If this information were to become public, it could assist future attackers, and it has the potential to adversely impact the organization’s image.

A carefully implemented global security event clearinghouse could collect information and report on the efficacy of various controls and products. But governments have demonstrated that they cannot be trusted with sensitive corporate security information, corporate IT budgets are too thin to support such an initiative, and security product developers have no incentive to participate. In the absence of scrutiny, security software vendors are free to make unsubstantiated claims, protected by software licence agreements that shield them from any liability.

Some cybersecurity vendors, primarily startups, are rising to the challenge with innovative solutions. Malware detection based on machine learning is poised to displace signature-based products. Execution control that leverages policy-based whitelisting shows promise, but developers must make these products much easier to deploy and manage.

These new solutions will take some time to gain acceptance, but they are the future of endpoint protection. They also threaten the large install base of traditional signature-based antivirus products, and at least one major vendor has responded with borderline predatory pricing practices to retain market share.

It is only fair to recognize some good behaviour during the WannaCry outbreak. While the exploit was apparently stolen from the NSA, the agency did warn Microsoft, who in turn issued a patch for supported systems a month before the outbreak. When it became clear that unsupported Windows XP systems were being infected and crippling businesses, Microsoft, under no obligation to do so, quickly released a patch. One security researcher, who could have easily sold his findings to a single anti-malware vendor, halted the attack for several days, clearly acting for the greater good.

But overall, the industry’s response to WannaCry is an affront to both the profession and to businesses struggling to protect themselves from this criminal malware assault. The cybersecurity industry must do better.

 

About this author

Eric Jacksch

Eric Jacksch is a leading cybersecurity analyst with over 20 years of practical security experience. He has consulted to some of the world's largest banks, governments, automakers, insurance companies and postal organizations. Eric is a regular columnist for IT in Canada, was a regular columnist for Monitor Magazine, and has contributed to several other publications.
