US ballistic missile systems have very poor cyber-security | ZDNet
DOD report finds no antivirus, no data encryption, no multifactor authentication.
According to Mark Miller, director of enterprise security support at Venafi, “This report is not surprising. In larger organizations, IT workers may assume that their work only makes up a minor role. However, this mindset can be prevalent in others and soon tasks may be overlooked, and risks begin to pile up.
IT security work tends to be very siloed, but everything really is still connected. For example, if you are using old software, it’s likely you also have some weak encryption keys, and possibly lots of unknown SSH keys. Any of these can be exploited in attacks. In addition, if you are not updating and patching your systems, you open yourself up to years of previously established attacks. It really is crucial to encrypt your data in transit as well and to know what is entering and exciting your network. Unfortunately, many organizations don’t know what is at risk until hackers, out of the kindness of their hearts, let them know.”