Cat lawyer’s out-of-date software points to larger cybersecurity problems

Our mission to make business better is fueled by readers like you. To enjoy unlimited access to our journalism, subscribe today.

Texas attorney Rod Ponton became an Internet sensation after a webcam mishap transformed him into a maudlin kitten during an online court hearing this week.

The Kafkaesque absurdity of Ponton’s situation drew laughs from far and wide. But the obvious humor of one lawyer’s furry faux pas masks a more concerning problem plaguing the technology world: In addition to professional embarrassment, outdated software creates cybersecurity risks.

Ponton said he was using an old PC supplied by an assistant; in this case, a decade-old Dell desktop computer that came loaded with avatar-augmenting software, likely Live! Cam Avatar or Crazy Talk 4, as BBC and Forbes have noted. Using technology that out of date, circa 2010, can render people open to bugs and hacks.

On a separate and sadly cat-free Zoom online panel on Thursday hosted by Fortune technology executives touched on the amusing incident as they discussed, among other subjects, the cybersecurity outlook for 2021.

John Roese, Dell Technologies’ global chief technology officer, said Ponton’s blunder gave his colleagues a good laugh, but also sparked some concern. “The moral to the story, interestingly enough, is that code probably should not be there anymore,” he said.

“Normal patching and upgrade cycles would have long deleted that [software]. It would never have been there,” Roese continued. “As your software technology evolves, keeping up to date can actually avoid some unintended consequences,” he said—like, but not limited to, being a virtual cat.

More serious consequences include leaving openings for hackers to steal data, commit extortion, and other threats. Keeping one’s systems updated is, generally, the best way to guard against such perils.

Of course, applying software patches is not foolproof, as a recent wide-ranging breach of the public and private sector in the U.S. makes clear. Hackers, allegedly Kremlin-sponsored, subverted the software-update mechanism at an IT network software company called SolarWinds, among other methods of intrusion at other companies, as a springboard to break into systems across the federal government and corporate America. (Read more about the fallout in the latest issue of Fortune magazine.)

Software supply chains can be notoriously complex and opaque, making it difficult for anyone to untangle messes like that recent hack. One solution to this problem involves exhaustively cataloguing information about computer programs and their component parts in what’s known as a software “bill of materials.”

Dell’s Roese said such documentation would provide transparency and “an understanding of software’s provenance, what’s inside of it, and who created it.” Efforts to standardize software bills of materials will occupy technologists’ attention “definitely for the next four or five years,” he said.

Miriam Hernandez-Kakol, global head of management consulting practice at accounting firm KPMG, who also joined the call, agreed that cybersecurity requires “a very different mindset” versus what passes muster today. Companies must learn to “embed [cybersecurity] from the beginning,” she said, “rather than thinking about it as an add-on.”

“We are no longer standalone companies. The connective tissue and the fabric that we have with each other goes beyond,” said Emily Heath, chief trust and security officer at DocuSign, the e-signature tech firm. “We’re getting questions now not just on third parties but on fourth parties as well.”

It doesn’t help that hackers are getting craftier all the time. Jennifer Lopez, who heads Capital One bank’s product innovation lab, said she believes fraudsters have innovation labs of their own. “Really smart people are trying to game the system and figure out how to get access to customers’ data,” she said. (Capitol One suffered its own high-profile hack in 2019, later paying an $80 million fine to U.S. regulators.)

The world of cybersecurity poses many challenges. But patching one’s software—and avoiding obsolete, potentially vulnerable programs—is one small way to stay ahead of the hackers. A blog post Dell posted to its website after the Ponton episode underscored the point better than anyone else.

“We’re not kitten around with those software upgrades!” it said.