The writer of this post clearly does not grasp how different the ransomware situation is from Darwinian natural selection. Take the Anthem BCBS breach of 2014. I would suggest that Anthem is not an "inferior" company. Granted that when their cybersecurity and privacy met the cold light of day it was found severely lacking. The event was caused by a deceived employee, and we all know that this can and does eliminate much of the best planned cybersecurity program's elements. To think that such a program, which relies so heavily on the human element to succeed, could be made safer by some technical alchemy is dangerously naive and absurdly simplistic.
More to the point, companies have many factors to balance to be successful in their business line. Cybersecurity and privacy protection are essential elements in that balance, of course, and must be addressed appropriately. But consider: Symantec is not a security company - it is a security software developer and seller. Brinks and Pinkerton are security (physical) companies. For any company, ensuring adequate (there is no such thing as "perfect security" in this context) cybersecurity is a cost of doing business, as is the cyber insurance, breach protection/prevention/response. As such, it must be kept in line with other OpEx variable cost line items - not an excuse, simple reality. Symantec, CheckPoint, CrowdStrike, FireEye, and all the rest do the very same thing.
Trying to take the human link out of this chain is no answer, and strengthening the human link requires patience and diligence. If we had the employer-employee mutual loyalty that made the 30-year employee commonplace 50 years ago, this would be easier. But we don't, and raising the cultural standard to be better and stronger is now a reiterative/generational problem to solve. Sadly, governments, companies and humans in general rarely display this kind of patience and persistence.
------------------------------
Ross Leo
Galen Data, Inc.
------------------------------
Original Message:
Sent: Aug 16, 2021 09:07:32 AM
From: Olivia Rempe
Subject: #repost - I love the uptick in ransomware
#repost from a thread I saw on reddit. Can the uptick in ransomware be viewed as a good thing and a way to weed out inferior companies through some sort of natural selection?
"Not only are companies who care more about paying breach insurance companies over protecting user data getting exploited, but now companies also have to answer to investors when they can't continue business operations. Unlike breaches where companies just give 1 year of "credit tracking" and they are legally off the hook while some poor guy's credit is ruined for years.
Now if you don't have backups, or reliable ways to restore those backups then your investors will get mad. This just opens the door for more cybersecurity sysadmins that actually care about security and it weeds out the ones who don't. It is kinda like natural selection in a way and I'm all for it."
------------------------------
Olivia Rempe
------------------------------