Saturday, February 12, 2011

The cyber security gang that couldn't shoot straight

Today's New York Times article, Hackers Reveal Offers to Spy on Corporate Rivals, should have been subtitled Dumb and Dumber. My Thursday post on how cybercrime is an easy-entry career could well have gone on to point out the flip side of the coin: There surely are a lot of idiots who currently offer cyber security services. I would have started at the top, with Symantec and McAfee, and eventually hit the bottom feeders. Luckily, the New York Times covered the bottom feeders for me. Good article; good read.

Want to know what a "hoser" is? Canadians know. The rest of us can get a clue by renting or buying the video Strange Brew. Beauty, eh?

If you are evaluating competent help to analyze cyber threats, my advice is quite simple:
People who talk about their cyber exploits really don't know how to do them, and people who really do something about cyber security don't really talk about it (beyond offering a free penetration study).
How do you find competent cyber security help? In the absence of referrals from a trusted source, I would recommend offering a get-out-of-jail-free card to pre-cleared organizations that want your business and that will do that FREE penetration study. Even then, you'd better do some reference checking, verify the ownership of the organization (i.e., that it's not China, Inc. installing back doors into your system), and then satisfy yourself of their liability insurance coverage.

Of course, a licensed and bonded cyber privateer is what you truly need.
