SoylentNews is people
SoylentNews
from the Spoiler-alert:-They-get-hacked dept.
"I don't want to have a job any more," said Check Point's Dan Wiley, sitting in a fashionably nondescript London coffee shop. "I don't want to have to do my job. It means that we failed."
Far from being depressed, Wiley was expressing the forlorn hope that infosec as a field would be less dominated by malicious persons trying to make a fast buck by scamming honest folk and businesses out of their hard-earned money.
As Check Point's incident response head honcho, Wiley has full visibility into what the infosec company's operations involve. Increasingly, he said, it's turning into staving off more of the same attacks against Check Point's customers.
"Same attacks as 2019," he said, referring to what he's seen so far this year, "but the volume and the aggressiveness is increasing. Ransomware is still a very hot topic. BEC [business email compromise], equally hot, plus Office 365. Breaches of remote-access solutions. Citrix, RDP, Cisco VPN, Fortinet VPN, all of the remote-access systems are being fairly aggressively targeted."
If the list of attack types and vectors sounds familiar, that's because it is. Far from the olden days when script kiddies would pwn an unsecured server just to digitally graffiti over it, today's crooks are out for one thing only: money. As Wiley told The Register, the range of attack types is decreasing while the number of attacks themselves is up.
I feel like Moses a little bit or Noah. 'Yeah, the flood's coming. Oh we're in the flood, people!'
Check Point handled 2,000 incidents last year and based on January and February's attack volumes, the incident response director expects that to double.
"Especially," he said, "here in Europe for SMEs, it's very clear that management has not invested in security and is hedging their bets, playing the odds or whatever term you want to use, on not getting breached. The reality is they will get breached. They're not investing in the controls or systems or capabilities to be able to defend themselves."
A senior exec at a security company that is stoking security fears to sell more security, who's have thunk it. But he has a point.
(Score: 2, Insightful) by Anonymous Coward on Wednesday March 11 2020, @03:46PM (4 children)
Playing the odds is not a bad thing. All security systems are by their nature tools that can reduce (but never eliminate) risk so security is all about "playing the odds".
The game is always "how much time and money can I reasonably spend on reducing this risk and is that the most effective use of those resources?"
My gut feeling is that most computer security breaches affecting small businesses do not cause very much damage to the business. "Investing in the controls or systems or capabilities to defend themselves" could very well end up being more expensive than just eating the cost of the occasional breach (and that it's up to the business owner to decide what's important to their business).
(Score: 0) by Anonymous Coward on Thursday March 12 2020, @10:07AM (3 children)
Your gut feeling is wrong.
Amazon fulfillment backend down? Zero $.
Magento Store is down? Zero income in that stream.
PBX taken down too? Zero $ from sales teams and incoming customer calls.
Accounting computers ransomwared? Might be late with critical patent filings or taxes or so on, or in the best case scenario, expensive calculator jockeys get paid leave to sort paperclips.
Shipping... how do you think labels go on, couriers are contacted, etc?
Purchasing - it's either online or the contact info is online so no network means no incoming material.
Scheduling - when are staff and support staff even supposed to try to do their jobs? Who is emailing shift workers their schedules when the email server is down?
I could go on but you get the picture.
These days, European businesses are digital-first, and malware kills SMBs. Not that I have experience...
(Score: 0) by Anonymous Coward on Thursday March 12 2020, @02:35PM (2 children)
This doesn't demonstrate my gut feeling is wrong because there are no actual numbers attached to any of these possible consequences you list.
Obviously some small businesses will be more affected by computer problems than others. Those might want to consider investing to mitigating possible issues after considering the costs involved.
Your restaurant is not going to catch on fire if your computers stop working.
(Score: 0) by Anonymous Coward on Monday March 16 2020, @06:43AM
> Your restaurant is not going to catch on fire if your computers stop working.
Yes it is. If I can't get to the contact list I'm stuck with whatever servers I have in my personal cell, instead of the work landline. If I can't get to my supplier emails I can't order anything, from food to napkins to handsan. If the POS is down then front of house can't see table assignments or send orders to the kitchen direct or even take payment except for cash, using a calculator to make change, from a till that won't open because it's not mechanical, it's a fucking WinXP Piece Of Shit Point Of Sale.
Numbers would mean nothing. The fact that you can't understand how contemporary urban foodservice runs, when I've told you, means you're wilfully ignorant.
> there are no actual numbers attached to any of these possible consequences you list.
$0. I'm making $0 and I'm sending servers home. Oh look, the actual number I said before!
Fool.
(Score: 0) by Anonymous Coward on Monday March 16 2020, @06:45AM
Just to reiterate, "zero is a number" you moron.
Fucking people with zero functioning neurons. You'd never last a night as waitstaff. You probably wouldn't last a night bussing and washing.