Serviceteam IT Security News

In the opening keynote at BSides Las Vegas, Bob Lord, CISO of Democratic National Committee (DNC), talked of the “Ghosts of Past, Present and Future” and considered what we need to do going forward.

Lord, who also served as CISO of Yahoo, Netscape and Rapid7, talked about stories such as the Yahoo attack and breach, and how the lessons learned “should be talked about,” but there are too many cases where we “talk technology but have forgotten how to tell stories to executives.”

He said that this problem of communication is “repeated breach after breach” and that the industry often fails to tell a story and be heard.

Pointing to his current work at the DNC, Lord said that this involves working with state parties and campaigns, which have separate funding and separate charters, and are separate legal entities with different levels of maturity.

This led to a suggestion to kill the checklist of security best practice, which Lord called “a roadmap of our failure to build usable security in products”. The only way to get such a checklist done, he offered, is to sit down with each user one-on-one; that, he countered, doesn’t scale.

He said: “We realize doing the basics is hard and time consuming,” and if we have to do it one-on-one we have “failed users.” Instead, he argued, the industry needs to take a more active role and move to “secure by design.” This includes making updates painless, automatic and transparent, and enabling encryption on laptops that does not have to be paid for and is not hard to install.

Lord also called for better security standardization, especially in authentication. Instructing someone how to use a password manager, he said, “is a real struggle to help someone under the best circumstances.”

He pointed at the case of 2FA. If a user has to search for how to enable 2FA, he said, then “something is not quite right.” He also advised against connecting to “sketchy wifi,” but conceded that it is hard to determine what a “sketchy wifi” network looks like.

“You shouldn’t have to pay more to be good at security,” Lord said. “Don’t treat it as a luxury item.”

He concluded by saying that things should be more “secure by default for average folks, in all devices and services, with no action required by users” and praised the work of the FIDO Alliance, which he said is “a real game changer in making things secure for the average person.”

Source: Infosecurity Magazine
