data breach | BringYourOwnIT.com

The Data Breach Pandemic: Information Security is Broken

June 8, 2015 Leave a comment

Have enterprises basically just given up on IT security? Global budgets fell by 4% in 2014 over the previous year and as a percentage of total IT budget they’ve remained at 4% or less for the past five years. The picture is even starker for firms with revenues of less than $100m, who claim to have reduced security budgets 20% since 2013.

Yet the threats keep on escalating. When it comes to information security, there are really only two situations out there: companies that have been breached, and companies that still don’t know it.

If 2014 was the “Year of the Data Breach” then 2015 is proving to be at least its equal. This month alone we’ve seen TV stations shunted off air by pro-jihadi cyber terrorists; the discovery of major new state-backed attack groups; and another massive data breach at a US healthcare provider.

We talk today about managing risk, rather than providing 100% security – because there’s no such thing. The conclusion I have reached is that the traditional information security model is broken. But why? And how can we fix it?

The GitHub attack – is the worst still to come?

April 6, 2015 1 Comment

What we can learn from the recent cyber attack to the popular website GitHub and why we should worry about what is likely to come next.

Over the last few days the popular website GitHub has been the target of a massive Distributed Denial Of Service attack – DDoS, apparently originated from China. As I write this note, the GitHub status webpage now indicates “Everything operating normally” and “All systems reporting at 100%”. However, I am afraid the story is far from over and the worst may still be to come.

GitHub is the largest and most popular repository of open source projects and a key infrastructure website for the Internet. Among other, GitHub hosts the Linux project – arguably the world’s most widespread open source software. Various flavors of Linux power most of the Internet servers and an ever-increasing number of consumer devices across the globe.

About Cesare Garlati

This is my personal blog about disruptive technology trends such as cyber security, open source processors, and the Internet of Things. It's full of my reasoned opinions, some of which will turn out to be absolutely wrong. You should not rely on anything in this blog for any reason other than for amusement.

This blog occasionally quotes excerpts from other publications, in which case it is done under Fair Use. I despise copyright trolls and think the EFF is due for sainthood any day now.

I am the founder of Hex Five Security and an active member of the RISC-V Foundation: some of my writing will appear here too if it's relevant. The opinions here are mine and mine alone, and are not representative of any professional organizations I belong to.

Comments are unmoderated. Say what's on your mind, be direct, speak the truth, etc., I'll try to keep all your comments ...

Happy reading!

Twitter @CesareGarlati

RT @JosephJacks_: From another reputable source: https://t.co/IIgFci61NG posted 2 weeks ago
David Patterson: Examining the Top Five Fallacies About RISC-V @risc_v design-reuse.com/news/53202/exa… posted 3 months ago
RT @hex_five: Learn how to quickly develop high-grade security applications with built-in remote firmware updates, telemetry, and device mo… posted 8 months ago
Congrats to team and investors! twitter.com/hex_five/statu… posted 1 year ago
New release of MultiZone Security for RISC-V available! v2.2.0 includes important security updates, secure DMA tr… twitter.com/i/web/status/1… posted 1 year ago

Follow @CesareGarlati