SoylentNews is people
SoylentNews
Arthur T Knackerbracket has found the following story:
Security shop Egress studied 4,856 personal data breach reports collected from the UK Information Commissioner's Office, and found that in 60 per cent of the incidents, someone within the affected biz was at fault.
Further breaking down human error, it was found that 43 per cent of the data leaks were caused by incorrect disclosure, such as someone sending a file to the wrong person or the wrong file to the right person or persons. For example, 20 per cent of the exposures were caused by faxing a file to the wrong person, and 18 per cent were caused by typing the wrong address into an email field or failing to use bcc and exposing every recipient.
[...] In other words, the biggest threat to your company's data security is you or a colleague. For every exotic APT operation that gets reported, there are four companies done in by someone fat-fingering a fax machine or clicking the wrong file to attach to an email.
"All too often, organizations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person," Egress CEO Tony Pepper said of the findings.
[...] None of this is to say that admins should neglect external security entirely. A quick perusal of the California Attorney General's disclosure list shows that four of the five most recently reported data leaks, including the massive Capital One theft, were in fact down to third-party hackers or malware infections. ®
(Score: 5, Informative) by JoeMerchant on Friday August 30 2019, @06:34PM
Outside Aiken, SC (Augusta, GA if you want a "real town") is a huge government facility on the Savannah River with a bunch of nuclear reactors that they use to make submarine fuel, among other things I'm sure.
Back in 1988 I interviewed with them and had a brief discussion of network security with one of the interviewers. If he was really good, he was just blowing smoke at me, but he really didn't seem that smart... their campus is BIG and has all kinds of places where wired and wireless taps could sniff the network traffic. When I asked what they did for encryption, his answer was: drop the packet size to 1 byte. This way, any attacker trying to sniff the data would have to basically get it ALL in order to make sense of it, and, according to the local expert, it would take far too much bandwidth and computing power for a guy with a laptop to tap a line or microwave link out in the woods and exfiltrate anything useful.
I made an "if you say so" face and didn't pursue the topic any further - also came away with a job offer for IT support which I declined; not only did Augusta not appeal, but starting a glow-in-the-dark career straight out of college didn't appeal either.
So, if that's really the "state of the art" of security at a major nuclear breeder facility... what do you figure the older tech based facilities use?
🌻🌻 [google.com]