Criminal hackers continue to penetrate many more company networks than most administrators care to admit, according to two security experts who offered a list of the most effective exploits used to gain entry.
Ed Skoudis has been doing security for a long time. This is a very pessimistic view of security, but I've also been pretty pessimistic (for example, about the electric power grid).
...
"I believe that a determined but not necessarily well-funded attacker can pretty much break into any organization," Skoudis said. "If you think it's less than 50 percent, I think you need to look a little more carefully."
The problem is that unless you're looking for precisely the right thing at precisely the right time, you won't know if you've been pwned. Even people who do all the right things are looking for a needle in a very large haystack. The distribution of information is very asymmetric, and favors the attacker.
Everything is vulnerable. You know some (but not all) of what is. You'll catch some of the attacks (but not all). All in all, it's a thankless job.
At least the pay's decent.
1 comment:
Heh, in a few weeks we'll be hiring some consultants to audit our security. I can't wait to see how poorly we do.