Cisco's chief security officer John Stewart has urged security professionals to "get back to basics" and fix simple vulnerabilities rather than focusing on the latest threat.
The security chief told attendees of the Australian Information Security Association 2011 conference in Sydney today that while security professionals addressed the latest problems, or “shiny things”, basic security holes left for 20 years remained exposed.
“I’m sick and tired of getting hit by 12-year-old [hackers] and I am very irritated about what I will leave behind for my kids,” Stewart said.
He said those in the security profession were frustrated by trivial penalties for cyber crime and business executives who show little interest in helping to reform security practice.
"It's time to get mad," Stewart said, speaking of the need to tackle security problems without delay.
The proliferation of simple security holes had led the Federal Government's Defence Signals Directorate to outline 35 basic mitigation strategies for enterprises and other governments.
“It’s not exciting stuff ... do less well and do it really well,” Stewart said.
In order to effectively remove vulnerabilities in future, Stewart urged security professionals to grow ties with organisations who maintained an "attacking" role in the industry, such as the Australian Federal Police, Interpol and national CERTs.
He also said professionals should share their defence strategies within the industry.