'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

We never learn from incidents, says Europol security adviser

The world has never been so dependent on computers, networks and software, so ensuring the security and availability of those systems is critical.

Despite this, major security events resulting in the loss of data or services, or in financial loss, are becoming increasingly commonplace.

Brian Honan, founder and head of Ireland's first CSIRT and special adviser on internet security to Europol, argued that failures in cybersecurity should be viewed as an opportunity to learn lessons and prevent them happening again.

He made the remarks during a keynote presentation at the #IRISSCERT conference in Dublin on Thursday.

He used commercial airlines as an analogy. Fatal accidents per one million flights have decreased from four in 1978 to less than one in 2016. A similar, more disciplined approach has the potential to push down infosec failures too.

We need to learn from incidents rather than making the same mistakes, Honan said, adding that victim blaming – commonplace in infosec – isn't helpful. In addition, cybercrime ought to be reported to the police. A business wouldn't hesitate to report that someone had broken into its office but they won't report malware – an attitude Honan said needs to change.

Sean Sullivan, a security advisor at F-Secure, made a similar point in a different context to El Reg earlier this week. "People aren't learning from each other when they get hacked," he said.

No postmortem was carried out following the iPhone SDK hack in February 2013. This attack was blocked by Facebook and other targets but hackers were able to use the same techniques of abusing Java in the browser to successfully attack Sony Pictures Entertainment years later.


Biting the hand that feeds IT © 1998–2017
