CyberPingu
Sep 15, 2013


If you're not striving to improve, you'll end up going backwards.

Shrecknet posted:

I mean in the sense that it satisfies none of the four levels of mens rea required to establish a crime has occurred.

If Colonel Sanders ran down the street yelling what the seven herbs and spices are, and I write down what he is yelling, that is not a corporate espionage invasion into KFC HQ.

If a person could access a piece of data without bypassing any encryption or indeed even a No Trespassing sign, that cannot be considered hacking.

The public has no duty to avert its eyes, in other words

And this is why the term hacking has been so muddied and lost all meaning anymore (which I understand is the point of this thread).

Unauthorised access doesn't always mean hacking.

If you were to steal someone's front door key and use that to get into their house, that's not hacking; it's unauthorised access.

Kicking the door in or picking the lock is hacking in a sense, as it's exploiting an unintended aspect of the security measure.

I guess beyond that is something that's been mentioned earlier but as someone who works in Cyber Security, it's loving difficult and I don't think people realise how difficult it is.

Companies generally don't give a poo poo unless something happens to them, and even then the people that take the blame are the head of security or the guys patching the systems. In reality it's rarely their fault. Most security and IT teams are understaffed and under-budgeted. They aren't allowed to implement patches when they want, as that would incur downtime for the systems, which would mean loss of potential revenue. They are then asked to work overtime or be on call when something goes wrong.

I also feel we as a security community don't do enough of the basics correctly and rely on automated systems and tools too much. Education is severely lacking for most companies beyond "Here's a 5 min video on phishing. Now remember don't click on poo poo".


CyberPingu
Sep 15, 2013

Aramis posted:

Also very telling is the fact that while insurance companies care to some degree that you have some security in place, what they REALLY care about is that a company has a recovery plan in place. The expectation is that it's basically impossible to protect a system against a motivated attacker without incurring hilariously excessive costs that very few companies are willing to actually fork out.

Cyber insurance is a loving scam.

It is basically impossible to cover all your bases and even then unless you are rolling everything in house (don't roll your own cryptography) you are at the mercy of 3rd parties keeping their poo poo up to date too.

CyberPingu
Sep 15, 2013

CommieGIR posted:

Cyberinsurance is a scam, largely because most cyberinsurance plans have stuff in fine print that actually requires you to do some basic infosec stuff, otherwise they won't pay out.

Also: most companies' disaster recovery plans are never tested, if they exist at all. Part of why it was laughable when Pompeo was discussing outlawing paying ransomware, as it would likely impact American business interests more than it would harm ransomware groups.

Source: I do Infosec consulting for Incident Response and Security Engineering

Even with basic infosec stuff they sometimes don't pay out. Some companies won't pay out if info was stolen or downtime occurred via a phishing attack.

Also, most companies do not have a good incident response plan either. The previous place I worked was basically "Well, we will phone the on-call IT guy and see if he answers or not."
