Fixing the unfixable
There's a horrible familiarity about the threats facing organisations and individuals this year but, as Travelex has amply demonstrated, that doesn't mean enough is being done to combat them. More than two weeks after a ransomware attack, its website remains down (apart from a message of explanation). The attack is believed to have exploited vulnerable Pulse VPN servers, which Travelex was warned about last September. This week, agreement was reached on nearly $3.4 billion to be paid by credit reference agency Equifax following the breach it experienced in 2017. It too ignored a warning about vulnerabilities in its systems.

This is clearly not a sustainable situation, and The Register website suggests a solution: a compulsory bug bounty backed up by regulatory force. Vulnerabilities would be communicated to the organisation and the regulator at the same time. Whoever found the issue would be paid a reward and the organisation would receive a small fine. Failure to address the issue would result in the vulnerability being published and a much larger fine.