Hal Pomeranz

Whenever I see a headline like “Cyber attacks against XYZ industry increase by 2000%” I think, “Oh, they finally started monitoring their networks, huh?”

9 comments
Tony Hoyle

@hal_pomeranz I also wonder whether they're monitoring external or internal.. stick an IDS outside the firewall and it'll go nuts. But that's like saying stand on a motorway and you'll get run over..

傻逼 :thisisfine:

@tony @hal_pomeranz also what is a "cyber attack"? I have seen people saying essentially 1 scan = 1 attack

Hal Pomeranz

@tony Usually it means they finally started looking at their firewall logs for the first time. And they misinterpret every port scan as an active attack.

DELETED

@hal_pomeranz *cough* isn’t that kind of the job of infosec? What exactly have they been doing for the last 30 years?

Smart Fox

@mhalligan @hal_pomeranz pretending the world is a nice place with only nice people

Hal Pomeranz

@mhalligan Making whatever widgets they make as their core business. Infosec was never even on their radar.

DELETED

@hal_pomeranz I worked at a company whose products are security dashboard & ticketing tools, mostly around release management.

We had little view into the security of our own infrastructure.

We had DevSecOps teams, a CISO, every ISO and related certification that existed, regular audits. Every trend and buzzword.

We still lied to our customers about data access, literally violating contracts and international sanctions. I imagine the entire industry is this way.

DELETED

@hal_pomeranz the two largest breaches this year both used our software.
