Friday, February 26, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Tenable wants to see the end of the ‘nation-state attacked us’ excuse

September 12, 2019
in Internet Security
Tenable wants to see the end of the ‘nation-state attacked us’ excuse
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The “nation-state attacked us” excuse, according to Tenable chairman and CEO Amit Yoran, is not a valid excuse for having a weak system be compromised.

Speaking with ZDNet while in Australia this week, Yoran said there’s an awful lot of money being spent on sophisticated security tooling, but organisations are still leaving the front door wide open for criminals to walk straight in. Compounding this, he said, is the excuse that the organisation was helpless, “making pretend” that they couldn’t have prevented an attack as it originated from an advanced adversary.

You might also like

Why your diversity and inclusion efforts should include neurodiverse workers

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

This chart shows the connections between cybercrime groups

Special feature



Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

“Nation-state attack in just about any instance is a pretty pathetic excuse for being comprised,” he said. 

“When you look at a vast majority of the breaches that occur, whether they’re nation-state actors or whether they’re hacktivists or cyber criminals, if you look at a vast majority of these breaches, in the data that we’ve seen, it’s well north of 98% — these breaches are all caused by negligence.”

He said many organisations claiming such attacks have important or critical systems that carry extremely sensitive information, but they have simply done a very lax job when maintaining hygiene and adequate security basics.

See also: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

“Nation-state adversaries, even the sophisticated hackers, aren’t using all these super scary hyped-up, zero day pieces of original exploit code or malware, it’s just the basics that we aren’t doing well that they’re taking advantage of,” Yoran said.

According to Yoran, when looking at the causes of breach, it is almost always exclusively due to one of the two, or in many cases both, issues.

“It’s either there’s a known vulnerability with a patch available to which somebody just doesn’t patch their systems, or they’re implementing very poor authentication, identity management, access management practices and as a result get compromised by some form of spear-phishing. In many cases, it’s both of these things at work,” he said.

“There’s spear-phishing because somebody is using poor passwords, and their underlying system they’re being spear-phished from still has known, unpatched gaps.”

See also: 10 tips for new cybersecurity pros (free PDF) (TechRepublic)

Rather than saying an organisation was the victim of a breach at the hands of a nation-state adversary, and pretend it was highly sophisticated, Yoran said the better conversation to have would be around why there was a breach.

“Was it something that was truly unpreventable or were you simply being lax and negligent in how you manage your systems?,” he said.

“The truth is that preventing these things is exceptionally straightforward — I’m not saying that it’s easy to do, but it’s at least straightforward … the thing you have to do to protect yourself is maintain good hygiene with systems … and users.

“If you can do those two things, you are in far better shape and I would say it’s extremely unlikely you’ll get breached — and you certainly won’t get breached with any of the popular techniques we’re seeing today from nation-state actors or cybercriminals.”

Before landing at Tenable as its CEO, Yoran had spent time within the US Department of Defense and previously served as founding director of the US-CERT program in the US Department of Homeland Security. Prior to that he was the president of network security firm RSA, as well as the co-founder and CEO of Riptech, which was acquired by Symantec in 2002.

Having spent 25-plus years in the security industry, Yoran made an observation that organisations are throwing money at security solutions “to no end”, when what is actually required is a more disciplined approach to managing systems and users.

“I would say most of which you see from the security industry is a bunch of smoke mirrors, and hype … there’s no point in installing a super sophisticated security system when you aren’t locking your door or closing your front door to begin with,” he added.

As the number of exposed breaches grow, particularly with regulated requirements to disclose any activity relating to the personal data of people, Yoran said there is a sense of tolerance in the world.

“We’re certainly breeding a sense of tolerance that may be counter-productive,” he said. “I’m hopeful — I’m optimistic — that as we get more transparency, not just that you were breached, but how you were breached … that we start seeing what is effective, what is necessary to exercise responsible security in today’s era.”

Touching briefly on the breach experienced by the Australian government earlier this year, Yoran said it’s safe to assume that poor hygiene is at the crux of just about every high profile breach and headline in recent years.

RELATED COVERAGE

Credit: Zdnet

Previous Post

Do you want fr-AI-s with that appy-meal? McDonald's gobbles machine-learning biz for human-free Drive Thrus • The Register

Next Post

Top 10 Sales Priorities of Sales Leaders

Related Posts

Why your diversity and inclusion efforts should include neurodiverse workers
Internet Security

Why your diversity and inclusion efforts should include neurodiverse workers

February 26, 2021
Attorney-General urged to produce facts on US law enforcement access to COVIDSafe
Internet Security

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

February 26, 2021
This chart shows the connections between cybercrime groups
Internet Security

This chart shows the connections between cybercrime groups

February 26, 2021
Spy agency: Artificial intelligence is already a vital part of our missions
Internet Security

Spy agency: Artificial intelligence is already a vital part of our missions

February 26, 2021
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
Internet Security

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

February 26, 2021
Next Post
Top 10 Sales Priorities of Sales Leaders

Top 10 Sales Priorities of Sales Leaders

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Why your diversity and inclusion efforts should include neurodiverse workers
Internet Security

Why your diversity and inclusion efforts should include neurodiverse workers

February 26, 2021
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
Internet Privacy

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021
The Beginner Guide for Creating a Multi-Vendor eCommerce Website
Data Science

The Beginner Guide for Creating a Multi-Vendor eCommerce Website

February 26, 2021
How Artificial Intelligence, Machine Learning will further advance Ed-tech sector?
Machine Learning

How Artificial Intelligence, Machine Learning will further advance Ed-tech sector?

February 26, 2021
Attorney-General urged to produce facts on US law enforcement access to COVIDSafe
Internet Security

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

February 26, 2021
Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU
Machine Learning

Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU

February 26, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Why your diversity and inclusion efforts should include neurodiverse workers February 26, 2021
  • North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware February 26, 2021
  • The Beginner Guide for Creating a Multi-Vendor eCommerce Website February 26, 2021
  • How Artificial Intelligence, Machine Learning will further advance Ed-tech sector? February 26, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates