Experts from Portland, OR-based Tripwire (www.tripwire.com), provider of advanced cybersecurity threat solutions, commented on the FCC’s announcement that AT&T has agreed to pay $25 million to settle the FCC investigation into the consumer privacy violations that exposed information for more than 250,000 customers in the US. Here to comment on this news is security experts: Chris Conacher, director of security research and development at Tripwire, Craig Young, security researcher at Tripwire and Philip Lieberman, cybersecurity expert and president of Los Angeles-based Lieberman Software.
Chris Conacher, Director of security research and development, Tripwire (www.tripwire.com):
“Twenty-five million dollars may sound a lot but it is not even a slap on the wrist for a company whose yearly advertising budget is over one billion dollars. If you really want companies to think about security you need to do something that makes the decision-makers sit up and listen. If all you are doing is making tiny deductions against the bottom line, businesses are going to keep on doing what they do and consumers will keep on suffering.”
Craig Young, Security researcher, Tripwire (www.tripwire.com) :
“I’d like to think that sizable fines such as AT&T’s $25 million penalty are enough to get corporations to think more seriously about security, but the unfortunate reality is that many organizations probably view this as a ‘cost of doing business.’ The fact of the matter is that security is complicated and no security vendor can promise bullet-proof solutions. As long as the fines aren’t putting businesses into bankruptcy (or even serious financial peril for that matter) executives and boards are free to decide they are better off investing the bare minimum in security and saving the rest for possible breach costs and fines.
Ideally, corporations should be motivated to take cybersecurity more seriously for the sake of protecting their customer base and their brand reputation but that’s not the reality today.”
Philip Lieberman, Cybersecurity expert and president, Lieberman Software (www.liebsoft.com):
“Classic insider threat scenario…that was discovered and acted upon. Most of these go undiscovered and systems remain uncontrolled and unmonitored. The cost to implement a control would be one-tenth (or vastly less) of the cost of the fine and other losses. It would, however, require a change in process which is generally harder than the purchase of any technology. The C-level staff will have to explain this to the board as to why they did not implement a control when the cost would be trivial. This one goes toward the leadership of the IT team in place.”
Duo Security RSAC 2015 – Register to win a free Quadcopter
About Tripwire
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.For more information visit here www.tripwire.com
About Lieberman Software Corporation
Lieberman Software provides award-winning privileged identity management products to more than 1200 enterprise customers worldwide, including nearly half of the Fortune 50. By automatically locating, securing and continuously auditing privileged accounts, both on-premises and in the cloud, Lieberman Software helps protect access to systems with sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged identity management space, and its products, including Enterprise Random Password Manager (ERPM), continue to lead the market. Lieberman Software also provides a mature line of Windows security management tools. The company is headquartered in Los Angeles, CA, with offices and channel partners located around the world.
For more information, visit www.liebsoft.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.