[HN Gopher] Things to know before getting into cyber security (2...
___________________________________________________________________
Things to know before getting into cyber security (2018)
Author : Tomte
Score : 22 points
Date : 2021-07-12 13:11 UTC (9 hours ago)
(HTM) web link (doublepulsar.com)
(TXT) w3m dump (doublepulsar.com)
| cyberlurker wrote:
| This contains some generally good advice. I find this is
| underutilized by most people:
|
| "A really key one is listening. Sometimes what you're proposing
| really isn't possible with the resources a
| department/team/company has. Sometimes what you're proposing
| isn't workable for reasons you've never even thought of.
| Sometimes what you're proposing is just dumb in the real world.
| And sometimes the arguments an organisation will present against
| doing something won't make sense. The key thing is you've
| listened, and you can go away and figure what to challenge, and
| how."
| mindcrime wrote:
| Pretty interesting article overall, but I was struck by this bit:
|
| _It's also worth pointing out many companies are still early in
| their cyber journey_
|
| It's hard not to go "waitjustaminute" about that. Computers have
| been highly prevalent, if not ubiquitous, in corporate life for
| near on 40 years now. The first computer virus[1] is older than I
| am (I'll be 48 in a week). Hackers as a sort of public threat
| seemed to enter the public vernacular largely around the release
| of WarGames[2] in 1983. The Morris Worm[3] caught the public's
| attention in 1988. Kevin Mitnick[4] was notorious as "the world's
| most wanted computer hacker" by the mid-1990s. Hackers[5] came
| out in 1995.
|
| There's really not much new about the need for a focus on
| cybersecurity, other than the specific details of newer
| vulnerabilities and exploits, and the general shift towards
| profit-motivated malicious hacking. Anybody who is "just
| starting" to focus on cybersecurity really hasn't been paying
| attention.
|
| [1]: https://en.wikipedia.org/wiki/Creeper_(program)
|
| [2]: https://en.wikipedia.org/wiki/WarGames
|
| [3]: https://en.wikipedia.org/wiki/Morris_worm
|
| [4]: https://en.wikipedia.org/wiki/Kevin_Mitnick
|
| [5]: https://en.wikipedia.org/wiki/Hackers_(film)
| phendrenad2 wrote:
| Pop culture (WarGames, Hackers) and popularized accounts of
| public events (Kevin Mitnick, worms, viruses, etc.) are all
| terrible at teaching users about cybersecurity, and in fact
| give them bad impressions in general. Why do you think users
| seem to think that security is just a matter of buying an
| expensive antivirus program? Or why any time their HDMI
| glitches out they think their PC "is hacked" but they'll gladly
| click on malicious emails?
| paperwasp42 wrote:
| > Anybody who is "just starting" to focus on cybersecurity
| really hasn't been paying attention.
|
| As a cybersecurity engineer: absolutely agree. Unfortunately,
| there is a truly stunning number of companies that haven't been
| paying attention.
|
| I'm lucky to work at a company that's been investing in cyber
| for years, but the stories I hear from colleagues at other
| companies are truly mind-blowing. There are a lot of highly
| respected companies out there with little to no security
| program in place.
| client4 wrote:
| I regularly saw Fortune 100 firms having domain controllers
| with MS08-067 unpatched in 2013. I also saw other places with
| pressurized Ethernet runs. I'm guessing it's still spotty
| depending on where you're at.
| mindcrime wrote:
| Oh yeah, no doubt. I'm not trying to suggest that the overall
| state of security is "good" by any means. I think we all know
| it isn't. I was more just making the point that if security
| is not where it could be, it's not really because any of this
| is new. We've known computer security was an issue for a very
| long time. Now doing something about it, well, that's a
| different story...
| jasonladuke0311 wrote:
| Deloitte _sells_ security consulting and they had DCs on
| public internet as recently as a few years ago (around the
| time they were breached).
___________________________________________________________________
(page generated 2021-07-12 23:02 UTC)