This year brought in the high profile attack of “Operation Aurora”, which is a disturbing reminder, the level of sophistication that exists.
If you happen to operate a successful and profitable business that is, void of a digital connection and/or unplugged from the Internet, more power to you. However, the number of mobile devices connecting are staggering, while businesses try to connect with the owners of the PC pocket rockets, and industry continues to ramp up at an unprecedented rate.
Marc Maiffret, CTO of eEye pointed out the sophistication at which attacks, such as Operation Aurora, are conducted and carried out against governments, are now filtering down to the end-user, those sitting at home in the comfort of his or her living room.
Have you ever wondered what “Zero Day” means, and how does it affect you? Personally, there is nothing “zero” about it. A piece of malware released into the wild by an anonymous entity has no intention to contact security industry leaders and inform them. We would have to be the brain of the “Matrix” to see that coming.
Unfortunately, even when companies like eEye do discover malware in the wild, it does not mean a patch is instantly available. More often, than not, eEye may provide a solution for the problem before the targeted technology industry leader.
The question then arises, when is it justified to inform the public of their vulnerability?
Therefore, from the time the malware is released into the wild to the moment a patch is created and installed could be weeks – months – and in some cases a year to patch. The ultimate goal is to have a patch available, and in place the moment a piece of malware is released…It would have to be a sting operation, which set up the hacker.
An interesting statement by Marc earlier is that often times a company like eEye provides mitigation steps so the consumer can implement a defense in advance of the targeted technology company’s release of a patch.
eEye understands the mindset of the hacker and recognizes the significance in understanding the direction businesses are going based on future technologies, and how cybercriminals might misuse these technologies, which allows eEye to be more proactive than reactive.
Marc Maiffret alluded to an age-old problem, which The CyberHood Watch partners, Dave & Bill, have talked and written about in the past, security vs. convenience. Technology is happening so fast that manufacturers accelerate marketing features, benefits, and future functions at the expense of security, which is exacerbated by the expansion of the smart phone space. Marc points out we may be missing the opportunity to secure the mobile industry.
Marc shares his insight into how classic vulnerabilities are being introduced into everyday systems, for example an automobile. The new brain behind the wheel more and more resembles a chip, which opens the possibilities of “chip rage”, and someone else controlling your super internet highway.
Is security a moneymaker? What does vulnerability cost you? What regulatory compliance issues might your company lack that potentially open you to large penalties and fines? eEye has consolidated this into a managed operating system…Retina C3 2.0
Your CyberHood Watch Partner,
david c ballard
Radio Security Journalist