Is it just me or has 2023 been the year of the data breach? Maybe they are just larger or more widely reported. Just seems like there have been a fuck-ton of them this past year.
While true, I’m not convinced that fully explains it. Having been in IT nearly 2 decades I feel like the second piece is cybersecurity budgets getting slashed. A lot of them have been super-basic shit like someone clicking on a malicious link.
Oh for sure, didnt mean to imply it was the only reason.
Spearphishing high-value targets, or even just phishing a company’s email roster are very very common practices because they yield significant results.
Theres also the “insurance approach” to cybersecurity, where its cheaper to run PR for a little while and/or take out insurance policies against cyber attacks such as ransomware. The latter is a key factor as to why many companies dont mind paying the ransom at all.
Profit > Security. These companies don’t care so long as the consequences don’t affect profit significantly enough. Infosec is always an afterthought, if considered at all.
Is it just me or has 2023 been the year of the data breach? Maybe they are just larger or more widely reported. Just seems like there have been a fuck-ton of them this past year.
Hackers-for-hire on the darkweb is big business these days
While true, I’m not convinced that fully explains it. Having been in IT nearly 2 decades I feel like the second piece is cybersecurity budgets getting slashed. A lot of them have been super-basic shit like someone clicking on a malicious link.
Oh for sure, didnt mean to imply it was the only reason.
Spearphishing high-value targets, or even just phishing a company’s email roster are very very common practices because they yield significant results.
Theres also the “insurance approach” to cybersecurity, where its cheaper to run PR for a little while and/or take out insurance policies against cyber attacks such as ransomware. The latter is a key factor as to why many companies dont mind paying the ransom at all.
Profit > Security. These companies don’t care so long as the consequences don’t affect profit significantly enough. Infosec is always an afterthought, if considered at all.
deleted by creator