CIO

The week in security: Record-setting DDoS highlights need for security-policy reset

Security records are getting harder and harder to set, but a massive distributed denial of service (DDoS) attack managed it: GitHub was hit with a 1.35Tbps attack, the biggest on record, which took the site down for 10 minutes.

It was a prime example of the dangers of a Memcached exploit that can massively amplify traffic.

The frequency of such attacks may be causing headaches for CSOs, but it is also creating new opportunities for companies to review and update their security postures.

This includes improving patchy smartphone updates as well as fixing bugs like Spectre and Meltdown, patches for which Microsoft has decided to host on its own site after many users were not receiving them in other ways.

Often, security postures are compromised not just by bugs, but by insecure practices that need to be fixed, some security researchers have noted.

Companies also need to be aware of the changing climate around nation-state attacks – which, reports suggest, are expanding beyond purely political motivations to increasingly target corporate interests.

It’s a change in outlook that reflects the changing nature of the cybersecurity threat – and the industry that responds to it. Addressing other issues in that industry is a group of Australian delegates who will this month join United Nations representatives from 192 other countries to discuss ways that technology can empower women around the world. Information security plays a role in this, so it is fitting that one of the two civilian delegates is an Australian CSO with a long history of advocating for women in tech.