Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The hacker 'skills gap' may be more of a strategy gap

Taylor Armerding | Sept. 4, 2014
Hackers are succeeding with what appears to be alarming regularity. But that may not be because they are smarter or even better trained than defenders, but because they think, and attack, more strategically.

security hacker
Credit: Thinkstock

It sure feels like the bad guys are winning.

In the ongoing cat-and-mouse game between malicious hackers and their targets any individual, company, agency or government with information that might be profitable or useful the bad news for the "mice" arrives with alarming regularity.

It is not just Target, although the breach late last fall of 40 million credit card numbers and 70 million addresses, phone numbers, and other pieces of personal information remains the biggest in U.S. retail history.

It is the ongoing string of them since then: In this year alone, the more high-profile victims include UPS, P.F. Chang's, Shaw's, eBay, Adobe, Forbes, Kickstarter, Blizzard Entertainment and Dairy Queen.

More recently, Russian hackers reportedly breached JPMorgan Chase's (JPMC) network and gained access to gigabytes of data that likely came from the files of bank employees, including executives.

Even more recently, Mozilla warned about 97,000 early testers of the Bugzilla bug tracking software that their emails and encrypted passwords had been exposed for three months. That is not the first time Mozilla, whose browser Firefox is among the more popular on the market, has had a problem with leaking passwords.

And just this week came word of a "massive hack" of Apple's iCloud service, that resulted in a flood of nude images of dozens of female stars being posted on online message boards.

So it doesn't seem like there would be much to dispute about W. Hord Tipton's recent declaration in a post on Dark Reading that, "The bad guys are winning."

Tipton, executive director of the International Information Systems Security Certification Consortium (ISC)2 and former CIO at the U.S. Department of the Interior, said this is in large measure because the bad guys are better than the good guys that there is, a "skills gap" between hackers and defenders.

"Until the information security workforce catches up, we will continue to see the increasing success of sophisticated attacks," he wrote.

Tom Kellermann, chief cyber-security officer for Trend Micro, would appear to agree. "Russians are more intelligent than Americans," he told CSO, following the hack of JPMC.

But other security experts, while they don't disagree outright, say the situation is a bit more nuanced than that.

It starts with the definition of "winning." As has been pointed out numerous times, nobody hears about it when security measures successfully thwart attacks. It's only when security fails that there is publicity. So, attackers can fail the large majority of the time and still be "successful."

It is also easier to be on offense than defense, as Aaron Cohen, COO and cofounder of Blackfin Security, which operates the Hacker Academy, notes.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.