Stories
Slash Boxes
Comments

SoylentNews is people

Check Point Chap: Small Firms Don't Invest in Infosec Then Hope They Won't Get Hacked

posted by Fnord666 on Wednesday March 11 2020, @07:19AM   Printer-friendly
from the Spoiler-alert:-They-get-hacked dept.

upstart writes in with an IRC submission for SoyCow4275:

Check Point chap: Small firms don't invest in infosec then hope they won't get hacked. Spoiler alert: They get hacked:

"I don't want to have a job any more," said Check Point's Dan Wiley, sitting in a fashionably nondescript London coffee shop. "I don't want to have to do my job. It means that we failed."

Far from being depressed, Wiley was expressing the forlorn hope that infosec as a field would be less dominated by malicious persons trying to make a fast buck by scamming honest folk and businesses out of their hard-earned money.

As Check Point's incident response head honcho, Wiley has full visibility into what the infosec company's operations involve. Increasingly, he said, it's turning into staving off more of the same attacks against Check Point's customers.

"Same attacks as 2019," he said, referring to what he's seen so far this year, "but the volume and the aggressiveness is increasing. Ransomware is still a very hot topic. BEC [business email compromise], equally hot, plus Office 365. Breaches of remote-access solutions. Citrix, RDP, Cisco VPN, Fortinet VPN, all of the remote-access systems are being fairly aggressively targeted."

If the list of attack types and vectors sounds familiar, that's because it is. Far from the olden days when script kiddies would pwn an unsecured server just to digitally graffiti over it, today's crooks are out for one thing only: money. As Wiley told The Register, the range of attack types is decreasing while the number of attacks themselves is up.

I feel like Moses a little bit or Noah. 'Yeah, the flood's coming. Oh we're in the flood, people!'

Check Point handled 2,000 incidents last year and based on January and February's attack volumes, the incident response director expects that to double.

"Especially," he said, "here in Europe for SMEs, it's very clear that management has not invested in security and is hedging their bets, playing the odds or whatever term you want to use, on not getting breached. The reality is they will get breached. They're not investing in the controls or systems or capabilities to be able to defend themselves."

A senior exec at a security company that is stoking security fears to sell more security, who's have thunk it. But he has a point.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Check Point Chap: Small Firms Don't Invest in Infosec Then Hope They Won't Get Hacked | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday March 11 2020, @01:58PM (1 child)

    by Anonymous Coward on Wednesday March 11 2020, @01:58PM (#969614)

    A small firm has little money so McAfee or Kaspersky Is the INFOsec until they can establish themselves. The risk of getting crushed by competition is a far greater risk.

  • (Score: 0) by Anonymous Coward on Wednesday March 11 2020, @09:15PM

    by Anonymous Coward on Wednesday March 11 2020, @09:15PM (#969835)

    Checkpoint is anything but small. They used to own the firewall industry in the 90s.