Security is in the spotlight at the moment for several reasons. Some stories we read about daily; others we read and then have to reread.
A company called AdaptiveMobile has spotted that there is a security flaw in the network slicing elements of 5G. This could enable massive Distributed Denial of Service (DDoS) attacks and, at the same time, prove just how right everyone was about 5G and potential vulnerabilities.
We recently reported that APAC security is not being given the attention (and budget) it deserves. A report from Sophos uncovered the worrying result that 70% of APAC organisations have been hit with a cyberattack in the last year, up about 30% on the year before. More worrying, the Boards of most companies have not increased vigilance or budget and have taken an indifferent approach to the issue of security.
We know that remote working increases vulnerabilities for various reasons, not least because of the extra blurring of the edges between work and play, a nightmare for a company’s security teams.
And if you think that it is good old tech and telecoms that is failing here, then you will be relieved to know that financial institutions (albeit in the US) are failing to protect their customers against fraud, and the number of complaints has increased dramatically.
The new twist comes at a global level.
Companies out there are exceptionally good at spotting vulnerabilities and sharing that information for everyone’s benefit. Once spotted and shared, the vulnerability stops being one. We have reported that Google’s Project Zero is the Number 1 Seed when it comes to spotting zero-day vulnerabilities, but recently the team did something unusual, which will trigger heated debate for months and years to come.
They spotted a series of zero-day security flaws that were being exploited very fast and very efficiently, and they knew from the level of sophistication that a Government-backed player was behind the exploitation.
They shut it down. Then they discovered it was a US ally.
Then they not only shared the vulnerability but went public with the story.
Which is why we had to read it again.
The team at Google (Do No Evil) decided that by sharing a security flaw that a Western Government was exploiting, it closed down that attack vector for everyone, and everyone would be safer as a result.
It is a weird one. Ethically you can see the logic of publicly shutting down a counter-terrorist operation because it would – ultimately – benefit everyone. On the other hand, Google (for it was they), a US company, essentially compromised an operation that could close down terrorist cells, shut down supply chains, save lives.
Again, it also demonstrates that big tech companies are now above mere national and international politics, even the cloak and dagger stuff.
Which does make you wonder.