It is true that many security breaches have taken place owing to the lapses inherent in outdated software. I am of the idea that users incessantly keep their applications up to date and to also ensure that they run only the latest versions of whatever software they are using. Just as a precaution, it would be safer if the users stuck to high end software only as opposed to trying anything that comes to their way
I agree with Rob that Marc may be right in that there are only five hundred people who have an in depth knowledge on matters concerning security. There is no doubt that this number was considerably lower some few years ago. This therefore implies that in the coming years the number will grow ensuring a more elaborate security system.
Excellent post Rich. We have become so dependent upon the internet and search engines available it would be very difficult to work within a structure where there were no internet connections. I do feel this would provide additional security and if you could eliminate "memory sticks" you could go a long way towards ultimate security. This past week, my two grandsons downloaded a version of "Mine Craft" (or something). You guessed it--the game had embedded within code the "blaster virus". For the life of me, I could not eliminate the "bug". $156.00 later and a trip to the "computer store", I come back relieved no apps or personal documents were affected in a detrimental manner. Problem--this is the computer I use for my company. Even though protected by passwords, they somehow got around the security. (Ultimate hackers.) Stuff happens even in the best of environments.
Reminds me of a cyber security expert talking about ways the Stuxnet virus may have been implanted into a network that was physically not connected to any other network. One speculation is "seed" the parking lot or a sidewalk at the facility with a USB flash drive. An employee might take it into their office and plug it in to figure out which colleague "dropped" it......
In 2005 I was working with a major mainframe software supplier on a security writing project when all kinds of security breaches were hitting the news, many regarding missing laptops or online breaches. The supplier had a top team of security experts I got to interview for the project. The federal agency intelligence guy said that the onset of online access to everything was the first major security hole, followed by employees bringing in their own consumer mobile devices like phones and laptops. I thought it was interesting that he placed online access first.
Updating software is one way to introduce viruses or new vulnerabilities. Updating more frequently can adversely impact security.
One way to improve security is to disconnect from the network and physically secure the equipment. Obviously you have to restrict access to trusted employees, and don't give the IT guys access to everything. If the number of trusted employees is small, then it's easier to figure out who sabotaged the machine.
The philosophy that all machines on the network are the same is a dangerous one.
There is no such thing as complete security; you just have to decide how much is enough, what you are willing to pay for it, and what you will give up in eficiency and convenience to get it. Adobe Acrobat is a notorious security problem because everyone uses it (it's free), and therefore it is an attractive target for internet hackers. You can avoid this by taking your control systems off the internet, like the military does, but then you have to live with the inconvenience of loss of ERP, remote access, etc. You are still susceptable to authorized but disgruntled individuals with thumb drives, but as I said, there is no such thing as complete security.
Back in the earlier days of microprocessor hardware, you used to have to " blow " ( program ) a UV prom or eeprom and on the eeprom you had to blow those fuses to prevent reprogramming the BIOS control of a device. The improvement was to add a physical jumper if you needed to program a device.
Now you can alter basic programming on-line. THAT is the biggest security hole ever created!
My security cred comes from both the microprossor and supercomputers; I have worked with both. I also did security on our link to DARPAnet; Cray bought my copy of " The Cuckoo's Egg ".
Something else to consider: you never hear about the truly successful security breaches.
I'm either one of the 500 or one of the people who never make headlines; make your choice...
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.