this post was submitted on 03 Dec 2023
41 points (100.0% liked)

Cybersecurity

5668 readers
87 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
all 10 comments
sorted by: hot top controversial new old
[–] jubilationtcornpone@sh.itjust.works 7 points 11 months ago (2 children)

Breaches are one of those things that no one cares about until they happen. Assessing and mitigating risks is costly and no one wants to spend money on that.

And let's be real, the penalties for data breaches, especially ones that transpired due to willful negligence, are an insufficient motivator. It happens so often that the public just kind of forgets about it the next day.

Remember the Equifax breach in 2017? The one where the personal data of 147 million people was exposed? Well Equifax got a slap on the wrist when they should have been fined into oblivion. That's the only way businesses will start taking cyber security seriously. The US desperately needs GDPR-like legislation because at this point our collective lack of data privacy and security is a joke.

[–] thebardingreen@lemmy.starlightkel.xyz 2 points 11 months ago* (last edited 11 months ago)

Breaches are one of those things that no one cares about until they happen.

You have people like me on the inside repeating "Spend money now or lose money and reputation later." The only time I had a client REALLY listen was when the government made them, and then they wanted to figure out the cheapest way to do the bare minimum.

But capitalism is great and keeps us safe and free y'all!

[–] sugar_in_your_tea@sh.itjust.works 1 points 11 months ago

I'd be happy with a federal level recognition to a right to privacy beyond the 4th amendment. That alone might be enough to drastically increase the ramifications for breaches made possible through negligence and could include jail time.

[–] scytale@lemm.ee 3 points 11 months ago (1 children)

Three words that kill modernization: Lift and shift.

[–] Devjavu@lemmy.dbzer0.com 1 points 11 months ago (1 children)
[–] scytale@lemm.ee 4 points 11 months ago

It’s a term used for when IT operations teams want to keep the status quo design of their environments when upgrading or modernizing their infrastructure, instead of fixing and securing things while they’re at it. The common excuse is that they will fix issues once migration/upgrade is complete, either because they’re on a tight timeline to do it, they’re afraid of breaking things, or just plain lazy. They will say it’s temporary until things have settled down. And we all know there’s nothing more permanent than a temporary implementation. The result is the same issues and problems exist, just on new infrastructure.