Opinion: Unending Ransomware Attacks Are a Symptom, Not the Illness
Arthur T Knackerbracket has processed the following story:
Imagine an inverse Black Hat conference, an Alcoholics Anonymous for CISOs, where everyone commits to frank disclosure and debate on the underlying structural causes of persistently failing cybersecurity syndrome
It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.
If the goods these people sold were one-tenth as shoddy as their corporate cybersecurity, they'd have been out of business years ago. It's a wake-up call, says the UK's National Center for Stating the Obvious. And what will happen? The industry will just press the snooze button again, as we hear reports that other retailers are "patching like crazy."
The bare fact that entire sectors remain exquisitely vulnerable to what is, by now, a very familiar form of attack is a diagnostic of systematic failure in the way such sectors are run. There are few details of what exactly happened, but it's not the details that matter, it's the fact that so little was made public.
We see only silence, deflection, and grudging admission as the undeniable effects multiply - which is a very familiar pattern. The only surprise is that there is no surprise. This isn't part of the problem, it is the problem. Like alcoholics, organizations cannot get better until they admit, confront, and work with others to mitigate the compulsions that bring them low. The raw facts are not in doubt; it's the barriers to admitting and drawing out their sting that perpetuate the problem.
We know this because there is so much evidence of corporate IT's fundamental flaws. If you have been in the business for a few years, you'll already know what they are - just as surely as you'll have despaired of progress. If you are joyfully innocent newbie, then look at the British Library's report into its own 2023 ransomware catastrophe. It took many core systems down, some of them forever, while leaking huge amounts of data that belonged to staff and customers. As a major public institution established by law, and one devoted to knowledge as a social good, the British Library wasn't just free to be frank about what happened, it had a moral obligation to do so.
Read more of this story at SoylentNews.