Network Computing is part of the Informa Tech Division of Informa PLC

Verdict's In: No One's Ever Completely Safe From The Inside Threat: Page 2 of 4

It isn't known if Duronio will appeal. Chris Adams, Duronio's defense attorney, didn't return calls.

Victim Under Attack
During the seven-week trial, Adams painted an ugly picture of UBS's security infrastructure and practices. He hammered on the fact that all the root users on the Unix-based system had the same password and that UBS logs weren't able to track which root user was giving commands on the system. He also focused on a back door found on a server in the main data center the year before the attack. UBS security was so riddled with holes, Adams said, it was impossible to tell who might have "masqueraded" as his client and planted the logic bomb.


But a forensics investigator who spent more than three years analyzing backup tapes, logs, and source code from UBS's network says the company's security setup was solid. "It was strong," says Keith Jones, the government's star witness and director of computer forensics and incident response at Mandiant, an information security company. "They knew where their weaknesses were, and they were trying to address them. UBS did a lot of things right."

Alan Paller, director of research at the SANS Institute, says it's easy to identify a few problems and make them look like a security fiasco. "You can do 5,000 things right and only one thing wrong, and that's what they'll rake you over the coals with," Paller says. The real issue here, he adds, is the insider.