Breached businesses just want the blue pill, says Brian Krebs

Countering the 'ignorance is bliss' mindset about hacks takes guts, researcher says

Too many organisations "just don't want to know" that they have been breached, putting themselves, their customers and the public at risk, according to security researcher Brian Krebs.

"One of the things I still can't get my mind around in a lot of ways is why it is that organisations still take on average months - sometimes four to six months - to detect after they have been breached," Krebs told delegates at McAfee's MPOWER conference last week.

Krebs compared this state of ignorance to thescene in sci-fi blockbuster The Matrix where its protagonist, Neo, is offered two pills; a red one that will reveal the real world to him, which he's told is nothing like the reality he thinks he knows, or a blue one, which allows the fantasy to continue.

"The way I describe why organisations take so long to detect breaches is they just take the blue pill - too many of these organisations just don't want to know or they just aren't curious enough," said Krebs, whose websiteKrebsOnSecurityhas charted dozens of high-profile hacks and cybercrime events.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"There might be a variety of reasons for that - maybe they don't have the buy-in from the folks at the top to have the strategy of assuming you're compromised and they see this as a career-ending goal if they pursue that," he mused. "But somehow we need to get more organisations to ... take the red pill."

Indeed, Krebs said that taking an "assume you're compromised" strategy is difficult for all involved, even if in his opinion it's "the best way to be secure at an individual and organisational level".

Equifax, which suffered a breach affecting 143 million US customers and nearly 700,000 UK customers in May after failing to patch an insecure server, but did not spot the hack until July, then failed to reveal the incident until September.

"It takes guts and not a little humility to admit that even though your organisation's spending tens-of-thousands, or even millions of dollars on cyber security [on] the latest weaponry that they have to offer, that you're still infested with [malware]. It takes a lot of guts particularly if you're the person in charge of security and trying to sell this idea to the higher-ups," Krebs said.

"It takes even more guts to build, to architect an information security team whose job it is to get up every morning with the belief that they're going to find intruders inside the perimeter of the network."

Nevertheless, taking the "red pill" and working on the basis of assumed compromised is, he said, at least as important in preventing and mitigating breaches as having the right security software and hardware in place.

Advertisement - Article continues below

Main image credit: Bigstock

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/cloud/microsoft-azure/354771/microsoft-azure-is-a-testament-to-satya-nadellas-strategic-nouse
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020