6 security measures you’ve put off too long


At last count, more than 200,000 victims in 150 countries have been hit with the weaponized WannaCry ransomware worm. In the United Kingdom, , potentially threatening patients’ lives.

Haven’t we had enough? It’s time to stop pretending that lukewarm, poorly executed security measures are really doing something about the problem. Good computer security solutions exist that will absolutely diminish cybercrime. We just have to recognize and apply them.

We should already have been doing this for decades, but the criticality of the internet and the coming IoT era make the need for stronger solutions more urgent than ever. As Bruce Schneier says in my recently released book, “,, IoT represents a tectonic shift in security:

It’s one thing when a spreadsheet has a vulnerability and crashes or gets compromised. It’s something else when it’s your car. Weak computer security will kill people. It changes everything! I testified in Congress last month about this topic. I said now is the time for getting serious. Playtime is over. We need to regulate. Lives are at stake! We cannot accept the same level of crap software full of bugs. But the industry isn’t prepared to take it seriously, and it has to. How can the people working on better securing cars actually do that when we’ve never been able to stop hackers and vulnerabilities in the past? Something has to change. It will change.

Meanwhile, we’re still waiting for substantive action. For example, President Trump’s  may seem like a step in the right direction, but it’s filled with much of the same language and broad focus that doomed previous initiatives. Until we have defined tactical requirements with specific accountability, not much will change. We already have enough frameworks and policies to shake a stick at.