Embrace full disclosure to curb IT breaches

By Muthoka Kioni

Many local companies experience IT security breaches and keep quiet about them. In plain terms, a breach is a rupture, break or gap: an opening in something that was meant to be closed. Digital walls protect valuable data systems, and when they are breached the repercussions are extremely costly to both individuals and companies.

When a tree falls in a forest it makes a sound, just as a collapsing perimeter wall does. But if no one hears the tree crash or the wall fall, the event is not discovered straight away.

What if a computer network is vulnerable, or already breached, and no one knows? Is it insecure? A collapsed section of wall makes the compound insecure in the eyes of anyone who knows about the gap. The same applies to a computer network with a security hole. If no one at all knows about it, then for the moment the network, or digital wall, is in effect secure.

However, if someone does know about it, then the system is insecure against the discoverer and only appears secure to everyone else. If part of your perimeter wall is weak and you do not know it, then to you it is secure. To a robber who knows about it, it is an opportunity.

Avoiding secrecy

What if you knew that your network was vulnerable? What if you knew that part of the wall round your home was weak? Would you publicise this fact?

The vulnerability exists whether or not anyone knows about it. Keeping breaches and vulnerabilities secret does not guarantee security. An attacker cannot exploit a vulnerability he does not know about, but a defender cannot protect against a vulnerability he does not know about either.

In information technology, security that rests on publishing breaches and vulnerabilities is more robust than security that rests on silence. Companies that suffer hacking attacks and keep them secret work against the natural flow of information. Instead of fighting this flow, companies should embrace full disclosure, which on balance leaves them more secure.

The Internet is still insecure, but it would be far worse if its software vulnerabilities had been kept secret. Disclosure is what got many of them fixed.

Companies should stop sweeping their vulnerabilities and problems under the rug and instead adopt a policy of full disclosure. This not only improves the security of their systems but also means the holes in their walls are announced on their own terms, rather than first by others in blogs and newspapers.

The writer is an ICT Security and Forensic Specialist.
