The National Cybersecurity Protection System is giving Einstein a bad rap

According to Panda Security’s PandaLabs, 2015 saw the highest number of recorded cyber attacks yet, confirming what everyone expects, virtually on a yearly basis.  What, with the 230,000 new malware samples created daily, millions of Trojans and other viruses, is it any wonder that this trend only looks to increase this year?

Reports like this, and similar forecasts, don’t inspire much optimism when word comes out about the government’s continued struggle against hackers not being all that it could be.  In this case, it’s a $6 billion security system, the National Cybersecurity Protection System (nicknamed Einstein), not giving Homeland Security its money’s worth.  An audit by the Government Accountability Office revealed that Einstein ain’t actually all that smart: its ability to detect intrusions into a network is limited to relying only on signatures of known methods of attack.  What it lacks are more complex defenses, like detecting anomalies in system traffic in order to have a better chance of responding effectively in the case of zero-day exploits, for example.  From the report, Einstein doesn’t exactly scream “high-end federal data protection,” especially when it has only been implemented at 5 of the 23 intended non-military government agencies.  If the Administration wants to inspire confidence in its capability to confront the ever evolving cyber threats out there, billions spent on what sounds little superior to a standard antivirus program might not be the best way to go.

Now, you might think, “Oh, but that’s just the government, of course they have problems.  Surely private companies manage better.”  To a degree, you would be right.  A Veracode survey last year showed that government agencies are likely to patch any discovered security flaws in their software only 27 percent of the time, against 81 percent from private companies.  However, these entities should not gloat too much, recalling the record of businesses breached in the past few years.  And who knows yet if there will turn out to be any fire under this Wendy’s smoke, now that they’ve hired a security firm to investigate a potential credit card breach reported by its payment industry contacts.  Other companies, meanwhile, are feeling the costs of data breaches worldwide, including Indian broadband, TV and telecom provider TalkTalk.  Since an October breach resulted in 4 million customers affected, TalkTalk has witnessed a loss of about 250,000 customers, and also seen its share of the home services market decrease by 4.4 percent in terms of new consumers.

It doesn’t take Einstein to see the challenges facing the industry in the coming year, or to predict that it’s not going to abate.

By: Jonathan Weicher on February 02, 2016
Originally published at: www.netlib.com
Copyright: NetLib