There’s gold in them thar exploits

In a career that has spanned over 20 years in IT I have met a lot of people from different industries. Many of these people I have not kept in contact with and some I have. Occasionally when talking to some of them something will be said that might not hit home until a little later. This was the case with something that was said to be by an acquaintance who just happens to work as a technical manager at a security consulting company. During our talk I mentioned that it seemed like systems were getting much more insecure, and he joked saying: why would any security company want to work themselves out of business?

 

After that we joked about the number of times that we both had done exactly that. At the time I did not think about it, but now a few weeks later I have been thinking about it. As the internet becomes a more and more open place cluttered with devices that are filled with exploits the security companies have been having a heyday. People feel the need to protect themselves from the thousands of pieces of malware that are floating out there and buy devices to prevent someone from getting into their home networks. Yet these devices and product all have flaws that exist in them. We have seen that there are flaws in almost all residential and SOHO (small office, home office) routers and “firewalls”. These flaws allow a malicious person to gain unrestricted access to your router and eventually the systems in the inside.

On the software side we have operating systems, plug-ins applications and even games with massive flaws in them that allow for exploitation. Just look at Oracle and their patch of 127 security issues in Java. To counter this the security industry is there to step up and help,… for a price of course. This market has extended into the mobile world now where there are countless apps designed to protect you from the bad guys out there on the mobile web. In the corporate world the money is even bigger as there are appliances, cloud services, virtual systems and more to make you feel safe. Many of these start in the tens of thousands of dollars. One solution that I saw was $50,000 for basic services before you even looked into the licenses needed to protect all of the people in the organization.

Now can you imagine any company that would want to give that up? I know that I cannot. This is not to say that security companies are intentionally or knowingly leaving you or any company open to intrusion or exploit. They do not want you to get hacked or have any serious damage done to your systems, but there is no company out there that really wants to build a system or protection that does not need constant updating or fixing (those maintenance deals are gravy money). After all, you always know when the something is a money making industry when the big investors start throwing cash at it and that is what is happening right now.

Tell us what you think in our Forum

 

No comments

Leave your comment

In reply to Some User