UK To Fine Some Service Agencies if Found with Inadequate Security

mlnews

Interesting article from Nextcloud's Blog looking at the risks of having inadequate security for your organization if you are in the UK and provide one of a number of services as listed by the government. The British government may start fining organizations that are found to be lacking in their security measures.

NashBrydges

This is from the same government that wants to insert backdoors into all encrypted communications? Gotta love the duplicity of that kind of bull$hit! Let me poke holes in your security but if you get breached, I'll punish you. Lol

CloudKnight

100% agree with your comment Nash...That Amber Rudd women spoke about how facebook, whatsapp and many others should let government agencies have backdoor access. I say they should go F** themselves! - Non technical people in high power should not be able to stipulate comments like that...

scottalanmiller

@stuartjordan said in UK To Fine Some Service Agencies if Found with Inadequate Security:

100% agree with your comment Nash...That Amber Rudd women spoke about how facebook, whatsapp and many others should let government agencies have backdoor access. I say they should go F** themselves! - Non technical people in high power should not be able to stipulate comments like that...

Non-technical people shouldn't be in power. Non-technical is really just a general code phrase for "not smart."

NashBrydges

@scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@stuartjordan said in UK To Fine Some Service Agencies if Found with Inadequate Security:

100% agree with your comment Nash...That Amber Rudd women spoke about how facebook, whatsapp and many others should let government agencies have backdoor access. I say they should go F** themselves! - Non technical people in high power should not be able to stipulate comments like that...

Non-technical people shouldn't be in power. Non-technical is really just a general code phrase for "not smart."

Ouch! lol

CloudKnight

@nashbrydges I perhaps did word that incorrectly, what I meant was - It's like me telling a stock broker how to do something, when I have no experience in the subject.

scottalanmiller

@nashbrydges said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@stuartjordan said in UK To Fine Some Service Agencies if Found with Inadequate Security:

100% agree with your comment Nash...That Amber Rudd women spoke about how facebook, whatsapp and many others should let government agencies have backdoor access. I say they should go F** themselves! - Non technical people in high power should not be able to stipulate comments like that...

Non-technical people shouldn't be in power. Non-technical is really just a general code phrase for "not smart."

Ouch! lol

The issues, like this one, aren't technical. They are common sense issues. Clearly the people making the decisions know nothing about the subject matter. It doesn't require technical smarts to know not to dictate things like this. It just takes basic adulting. So the issue is that the people in question are making decisions that even children should often know better than to make.

CloudKnight

@scottalanmiller and these so called people are running our country, scary does not quite describe it.

IRJ

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

Dashrender

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

/sigh. I'm sure this is true.

They also don't want to force a good culture of security upon their people due to pushback.

scottalanmiller

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

That's often the case. Same thing with credit cards. Cheaper to pay for bad transactions than to pay for better security in the cards.

IRJ

@scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

That's often the case. Same thing with credit cards. Cheaper to pay for bad transactions than to pay for better security in the cards.

Yeah. These companies get rewarded for not having security. Just because you have terrible security, doesnt mean you will get breached either. How many are flying under the radar that we don't know about?

Dashrender

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

That's often the case. Same thing with credit cards. Cheaper to pay for bad transactions than to pay for better security in the cards.

Yeah. These companies get rewarded for not having security. Just because you have terrible security, doesnt mean you will get breached either. How many are flying under the radar that we don't know about?

No the bigger question is, how many have been breached that they aren't aware of it, and the effects are low enough that it's not tripping any alarms?

IRJ

@dashrender said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

That's often the case. Same thing with credit cards. Cheaper to pay for bad transactions than to pay for better security in the cards.

Yeah. These companies get rewarded for not having security. Just because you have terrible security, doesnt mean you will get breached either. How many are flying under the radar that we don't know about?

No the bigger question is, how many have been breached that they aren't aware of it, and the effects are low enough that it's not tripping any alarms?

Nearly all companies have some sort of breach at some level

scottalanmiller

@dashrender said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

@irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. Alot of companies figure it is better to just take the chance and even if you do get hacked it is still cost less than having a good security program.

That's often the case. Same thing with credit cards. Cheaper to pay for bad transactions than to pay for better security in the cards.

Yeah. These companies get rewarded for not having security. Just because you have terrible security, doesnt mean you will get breached either. How many are flying under the radar that we don't know about?

No the bigger question is, how many have been breached that they aren't aware of it, and the effects are low enough that it's not tripping any alarms?

Any good breach will be that way - no one knows except that data is out there, somewhere.