Editorials

It seems that is the time once again to talk about the relationship between software vendors and the security posture of different business verticals. Why are we beating this particular dead horse? Well with the Covid-19 Pandemic, the rush to shift to remote work force and an increase in attacker activity aimed at the remote workforce and healthcare you would think that there would be an increase level of effort to fix vulnerabilities in remote access and healthcare services software. If you thought that, you would be wrong. Instead during this time, we are seeing more software vendors pushing FDA as law and healthcare organizations even refusing opportunities to patch critical software. This on top of an extremely slow response to threat to the remote workplace.

In December 2019 a new virus was detected in Wuhan China, this virus (COVID-19 or the Coronavirus) has spread rapidly through out China and the rest of the world. With its apparent ease of transmission and difficulty in detecting (early stages can look like the Flu), many companies are looking into allowing employees to work from home more in an effort to slow down the spread of this potentially deadly virus. The question is, are these companies really ready to have so many people connecting in from home, or are we potentially opening or a massive hole that threat actors are bound to exploit.

The IT Security industry has spent billions of dollars on software to keep you “safe” from malware and attackers. Whether that money was spent in marketing or actual product improvement is up for debate. Still the fact remains that each year we hear about new advances that can keep you and your systems safe from Malware and or threat actors. Almost all of these systems rely on software to do their job and in most cases cannot even see beyond the OS they reside on. This focus has caused the development of a massive blind spot, hardware-based attacks.

Although not a new subject here at DecryptedTech we thought it was time for us to dive into three of serious issues in the security world (out of many). The three we are covering today are emerging technologies, stale technologies and how the security, and IT, skill set seems to be diminishing. All three are cause for concern and often seen as at least contributing factors in breaches. What make this more interesting is that in many cases the three are connected.