Cyber Security is Bull***T — This is why.
-
Imagine you are sitting at home just drifting off to sleep, during the night you briefly stir as you think you hear a noise, hearing nothing further you go back to sleep. When you wake up in the morning, you go to work, you come home, you go about your life.
3 weeks later a policeman arrives at your home to tell you that someone has been sneaking into your house every night, reading your letters, going through your possessions but not leaving any obvious sign or damage to any windows or doors. They’ve not caught the person, they are still out there.
You now feel a sense of fear: “how do I stop this happening again to me?” you ask.
Do you need alarms? Guard dogs? CCTV and guns? No…you just need to lock the front door.
I have not posted the full piece purely because converting the formatting is a nightmare. Read the full one here: https://medium.com/dara-it/cyber-security-is-bull-t-this-is-why-51f53da6d3cf
-
@Breffni-Potter You have a point, I'll say this. If I were to hack a company (which I would never do) I'm going to choose someone who has "left the front door unlocked". Why would I choose a far more difficult target if there are tons of easy targets that are just as profitable?
-
@QuixoticJeremy There is still a sense of achievement to bringing down say... DynDNS for a day.
https://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/
Not an easy thing to do but some attacks are more about the fame than the profit.
-
@Breffni-Potter Also a valid point, there are plenty of grey hat hackers out there that are in it for the achievement/knowledge. I would say that the more malicious "hackers" wouldn't tend to care about that side of things though.
-
Well, if there's only one way into a building, and it xrays you as you approach the door, and finds you carrying a gun... it won't let you in. Period. Even if you know my secret door knock, name, and password, the xray finds the gun and doesn't even let you get that far.
That's what is so great about gateway anti-viruses and SSL inspection that protect against Trojans and other malware such as these wcry things. Even if you are free to come in, the door is unlocked, it'll see that and won't let it in.
That's one example of stopping it without using your 3-method.
I'm not saying there's no way... you could disguise the gun as something else potentially... but that's beside the point.
If there's a will, there's a way. Layers are the best approach. Even if you think you are safe.
-
Wouldn't the assumption be the more secure they are the more valuable the information they are attempting to protect--at least some kind of range?
-
@wirestyle22 Understandable assumption but there are plenty of profitable environments out there that are not very secure.
-
@QuixoticJeremy said in Cyber Security is Bull***T — This is why.:
@wirestyle22 Understandable assumption but there are plenty of profitable environments out there that are not very secure.
But how many low value targets are very secure?
-
@Tim_G said
That's one example of stopping it without using your 3-method.
Yes, a wonderful scanner. Except you need to buy 10x of them to cover a larger building. Whereas if you did the much cheaper option, the need for the x-ray scanner falls.
-
Even if you keep everything up to date, and patch zero days within 4 hours of release, all it takes is one human error to take down your entire network.
You are also assuming all IT employees use best practice, which is wrong. Especially in SMB when management doesn't allow best practices. Not all breaches are the popular ones in the news.
-
@Breffni-Potter said in Cyber Security is Bull***T — This is why.:
@QuixoticJeremy There is still a sense of achievement to bringing down say... DynDNS for a day.
https://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/
Not an easy thing to do but some attacks are more about the fame than the profit.
Yup, but hacking and DoS aren't the same. Very different kinds of things.
-
@wirestyle22 said in Cyber Security is Bull***T — This is why.:
Wouldn't the assumption be the more secure they are the more valuable the information they are attempting to protect--at least some kind of range?
Yup, more security means a more enticing target. Higher fruit, but less likely to have been already spoiled.
-
@QuixoticJeremy said in Cyber Security is Bull***T — This is why.:
@wirestyle22 Understandable assumption but there are plenty of profitable environments out there that are not very secure.
Most.
-
@wirestyle22 said in Cyber Security is Bull***T — This is why.:
@QuixoticJeremy said in Cyber Security is Bull***T — This is why.:
@wirestyle22 Understandable assumption but there are plenty of profitable environments out there that are not very secure.
But how many low value targets are very secure?
Very few.