Lessons unlearned -- the cybersecurity industry is stuck in the past
People can make mistakes, well-intentioned or otherwise, in any walk of life or industry. It happens all the time.
Take the cybersecurity industry, for example. Just over two weeks ago, the well-publicized Microsoft outage caused by CrowdStrike's corrupted software update wreaked havoc across the world.
Microsoft claims that up to 8.5 million computers worldwide were immobilized due to the IT outage. The financial impact caused by the incident is also significant, with the US airline Delta Air Lines estimating the crash in their systems cost them in the region of $500 million.
Despite the global repercussions of last month's outage, CrowdStrike's intentions were good: the update was meant to protect users.
However, what shouldn't be allowed to happen, and what has plagued cybersecurity for over a decade, is a refusal to learn from those well-intentioned mistakes.
What am I talking about? Let me take you back 14 years…
Failing to learn from the past
In April 2010, McAfee released a faulty antivirus definition update that mistakenly identified a Windows system file as a virus.
As a result of the faulty update, many Windows systems, predominantly those running Windows XP Service Pack 3, had a critical system file quarantined or removed. This led to several problems, including system instability, repeated crashes, and the dreaded 'blue screen of death.'
Just like the recent CrowdStrike fault, it caused severe operational disruption to businesses, individuals and even governments worldwide, with many facing long downtimes that cost a significant amount of money to restore and recover from.
If this sounds remarkably similar to the outage we witnessed last month, that’s because it is. The similarities are striking.
Both McAfee's and CrowdStrike's products work by detecting threats on endpoints, and to do so they must install an agent on every single device. This meant that when the agent failed, every single user was unable to access their network or system, damaging their productivity and, ultimately, their company's revenue.
McAfee and CrowdStrike honestly believed they were looking out for users and businesses, but ultimately, their philosophy of having an agent on every device to detect any weaknesses was a huge error -- one that just isn't necessary.
It's easy to explain the problem, but what is the solution? Well, first and foremost, there needs to be a shift in mindset.
A mindset shift is required
Simply put, the cybersecurity industry needs to switch its focus from detection to prevention. If it did that, having an agent on every device wouldn't be necessary, and outages like those caused by CrowdStrike and McAfee would not create so much disruption. That is the shift in mindset that is needed.
But there's a reason why it hasn't happened yet -- the current model makes a lot of people a lot of money.
Individuals and businesses sign up for ongoing subscriptions and pay consulting fees and digital audit charges. Guess what? The detection-based security companies dominate this market.
So, any move to a method that prevented attacks would likely eradicate the revenue streams these businesses have become used to.
However, working towards a preventative cybersecurity method is the right thing to do, and it's not impossible, whatever many experts would have you believe. The technology already exists in the principles of transitive trust and MFA 2.0, in which access to an individual's or business's accounts and data is only possible on trusted devices, by trusted users, and under the users' total control.
The CrowdStrike outage is also further evidence of the alarming trend of cyber industry leaders pushing out and promoting updates and solutions that have not been rigorously tested. When they inevitably fail, they expect innocent businesses to pick up the pieces.
The simple truth is that the whole cybersecurity industry needs to improve its mindset and standards. There continues to be a 'can't do' attitude toward stopping these types of issues, rather than a positive attitude focused on preventing them.
It's time to right the wrongs
In conclusion, the recent Microsoft outage shows that the cybersecurity industry has failed to evolve since a similar incident caused by McAfee in 2010. The failure to learn from mistakes has cost businesses and individuals time and money, and we can’t let it happen again.
The road ahead must focus on prevention over detection to safeguard against future disruptions. To do this, there must be a shift away from the status quo, and the industry needs to develop an open-minded approach to the technology that is now available, even if it harms its profit margins.
Al Lakhani is a recognized cyber security expert, digital identity crusader, inventor, entrepreneur, and university lecturer. With more than 25 years' experience in cyber forensics, Al is a proven expert in the field of cybercrime and data forensics and has spent more than 26,000 hours during his career working on the topic of digital identities, his number one passion.
Prior to founding IDEE, he founded the Forensics & Cyber Investigations unit at Alvarez & Marsal. Al’s most notable projects include the wind-down of Lehman Brothers and Washington Mutual and interim COO of Rubicon Global. Al also taught applications of blockchain technology at Munich University.