Stuxnet's Legacy: Get Back to Basics or Get Owned

Gunkerty Jeb writes "Attacks such as Stuxnet, Operation Aurora or GhostNet are not what most enterprises and organizations need to be worried about. The plain fact is that most organizations are falling far short in protecting against the same threats that they've faced for the last 10 years. SQL injection, phishing, malicious attachments, social engineering. Old, every one of them. And yet, still incredibly effective at compromising networks in some of the best-known and theoretically best-protected companies."

Re:Perspective

[COMON$]

Now this is a mixed message because coming up through the IT field it was the old timers causing the security problems. "What? I have to clean my inputs? This is the way I have always done it and this is how I am going to keep doing it" as well as "bah, our company is not a target".

Now it is 10 years after I entered the field full time, things are FAR FAR FAR FAR FAR better. Yes there are still old sites out there, there are still companies that don't update their security because they are struggling to keep the lights on. But seriously as opposed to 10 years ago, Infosec is widespread, companies have security training seminars for employees, Pentests are a regular phenomenon. This increased security is largely because those of us who grew up with tech, intentionally went into the field, and really enjoy the work are now getting to the 10-15 year range on experience and fixing all the damn problems our predecessors set before us. All the while doing our best to defend against the up and comers who are trying to push out projects as fast as possible to pad their resume.