Infosec Headlines; Seek the Truth Beyond the tl;dr

With more and more media coverage of Infosec topics, headlines designed to provide some level of FUD can be expected.  Between Stunt Hacking and often over exaggerated vulnerabilities (the kind that get a logo and catchy name), it can be hard to management teams to wade through the muck.  We want to avoid knee-jerk reactions.  Getting to the meat and potatoes of an news story can often lead to the details that are actually important and often missed in the tl;dr version.  Since you might be looking for the tl;dr version of this article, here you go:

            READ THE ENTIRE ARTICLE; FIND THE FACTS! 

The most recent example of how tl;dr doesn’t do enough justice and causes panic can be seen in recent headlines about a medical equipment freezing during heart procedure because of anti-virus.  When I first saw this, I thought for sure, someone died.  Flashy headlines and social media spun this a bit out of control.  Those blurbs are what the board often heard about.

 Facts:

• PC “Froze”/became unresponsive
• Freezes are required to be reported to vendor
• Root Cause revealed AV Scan was occurring hourly
• Patient Safety was NOT compromised
• Vendor had provided IT Staff with Exclusions and Setup Instructions

Arguable Conclusion:

• “…the whole incident was nothing more than an oversight on the medical unit's side”

When you dig in, you see there is a lot of misses and opportunities for improvement.  The IT Staff needed to perform the configuration and the Medical Staff needed to assure application performs and is configured correctly. This isn't Infosec Gone Crazy...You aren’t getting it was a breakdown in procedure in the tl;dr version.