Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home/customer/www/alancalderitgovernanceblog.com/public_html/wp-content/themes/schema/options/php-po/php-po.php on line 187
One arrest does not a solution make - Alan Calder on IT Governance, Cyber Resilience, ISO 27001 and Brexit

One arrest does not a solution make

As Iran has discovered, arresting individuals the government doesn’t like, or doesn’t agree with, doesn’t stop others protesting. Quite often, as Tunisia, Egypt, Libya, Yemen and others learned, arresting one person can lead to far more violent, vigorous and ultimately destructive protests.

The arrest, last night, of a 19-year old man alleged to have been one of the Lulz masterminds will not immediately patch the Internet security vulnerabilities that have been so gleefully exploited by hackers over the last few weeks. Unpatched security vulnerabilities are still an open invitation to hackers to penetrate an organisation’s data banks and, as has been proven time and again, there are lots and lots of hackers interested in proving their prowess. Many are also interested in the commercial resale value of what they are able to access.

Arresting one or more hackers is not a solution to cyber security weaknesses. The only practical solution is to identify those weaknesses and then remediate – and, as I’ve said before, that is a very straightforward process: vulnerability scanning, penetration testing, and then remediation – patching vulnerabilities, training staff, and improving technical security architectures.

The only solution to the cyber security threat is better security.