LinuxQuestions.org
Old 05-11-2016, 06:38 AM   #1
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,357
Blog Entries: 5

Rep: Reputation: 1040
Cybersecurity


A think tank called Public Policy Exchange is hosting a conference on cyber security in London today. Some of the recent UK Government statistics are eye-opening.

Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month. The total cost is about £34 billion pa. Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
 
Old 05-11-2016, 12:10 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,185
Blog Entries: 3

Rep: Reputation: 187
You are correct with your points. If it's not making money then they do not see a reason to spend money on it. What they fail to realize is that if they don't spend money on it, it could cost them a lot more down the road.
 
Old 05-11-2016, 11:06 PM   #3
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,055

Rep: Reputation: 78
Quote:
Originally Posted by hazel View Post
A think tank called Public Policy Exchange is hosting a conference on cyber security in London today. Some of the recent UK Government statistics are eye-opening.

Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month. The total cost is about £34 billion pa. Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
This sounds like a business opportunity to me. I've noticed that stolen credit cards (a rampant problem in the US) usually result in someone besides the card holder paying for the losses. It's not clear to me if it's the retail business or the bank or the card company (e.g., Visa or Mastercard) that foots the bill, but that bill must be HUGE.
 
Old 05-12-2016, 07:20 AM   #4
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,357

Original Poster
Blog Entries: 5

Rep: Reputation: 1040
In the UK, if your card is stolen and you report it straight away, I think you have to pay the first £50 but the bank pays the rest. But if you are tricked into transferring your account to a criminal, you lose. The bank won't cover it because you actually instructed them to make the transfer, and obviously you had the authority to do that.

Banks have also said that they won't pay out any more for phishing scams because everybody is supposed to know by now what a phishing email looks like. Following one to a dud banking site is considered wilful negligence.
 
Old 05-14-2016, 08:34 AM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 896
Quote:
Originally Posted by hazel View Post
Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month.
I'm pretty sure that I've seen those figures, or something like them, before.

At first I was a bit shocked, but then I thought 'well it doesn't say successful Cyber Attack'. If all it amounts to is that someone tried to get in to ssh with the password 'password', and gave up on first failure, I'd be surprised that it wasn't a lot more.

Quote:
Originally Posted by hazel View Post
The total cost is about £34 billion pa.
Again a shocking number but given how people arrive at these numbers I'm not going to go believing that £34 billion is an actual cost. Mind you even if it were half that you would still think 'this is a big number...a very big number'.

Quote:
Originally Posted by hazel View Post
Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
Now there is something I can take at face value and be worried about.
 
Old 05-14-2016, 09:24 AM   #6
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,357

Original Poster
Blog Entries: 5

Rep: Reputation: 1040
You might want to read Kevin Mitnick's book 'The Art of Deception', which describes in detail how naive employees can be seduced into giving away information valuable to a cracker. They simply don't realise how valuable such information can be and how it might be used.
 
1 members found this post helpful.
Old 05-14-2016, 07:51 PM   #7
offgridguy
Senior Member
 
Registered: Nov 2015
Location: Alberta Canada
Distribution: Windows10, Debian
Posts: 1,111

Rep: Reputation: 147
Kevin Mitnick, Art of Deception available here.
https://www.amazon.ca/Art-Deception-...=kevin+mitnick

Last edited by offgridguy; 05-14-2016 at 11:46 PM.
 
Old 05-15-2016, 02:15 PM   #8
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,756

Rep: Reputation: 1063
Quote:
Originally Posted by sneakyimp View Post
It's not clear to me if it's the retail business or the bank or the card company (e.g., Visa or Mastercard) that foots the bill,
Usually it's the "bank", although there is now a push in the US to change some of that and make retail businesses responsible for certain types of fraud if they aren't using Chip/PIN authentication. VISA/MASTERCARD are "program providers", they generally are the "knitting" that allows transactions on cards to be authorised, (generally) "they" don't authorise transactions, they provide a mechanism for the "payment service providers" to connect with the authorisation service of the "card issuer", which may not even be the actual issuing bank.

Quote:
Originally Posted by sneakyimp View Post
but that bill must be HUGE.
It may seem huge to you, but it's a tiny fraction of transaction values. There's also an "acceptable loss" concept, same as any business. Banks (and I use that word very loosely, as there are many links in the chain from merchant to bank) are in business, if it's going to cost them $x00 to investigate a $20 fraudulent transaction, do you think they'll do that? Or do you think they'll take the hit and refund the transaction? Hint, it's not the first one!
 
Old 05-15-2016, 10:25 PM   #9
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,523

Rep: Reputation: 260

Quote:
Originally Posted by hazel View Post
A think tank called Public Policy Exchange is hosting a conference on cyber security in London today. Some of the recent UK Government statistics are eye-opening.

Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month. The total cost is about £34 billion pa. Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
Scare the users..LOL..

I think having a lunch training once in a while on IT Security awareness would help.

Cyber Security requires every user who has access to the Internet to do his/her own part and be responsible when online. No matter how good the IT infrastructure is, if you've got one user who just clicks here and there, I guess all the IT setup is useless.

Proper budget allocation for IT Infrastructure should be considered, not just a budget for sales/marketing department.
 
Old 05-17-2016, 10:51 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170
It's only a (short) matter of time, now, before the official, policy-making thinking concludes: "these must be inside jobs!"

And, when that happens, a whole lot of things in "the I.T. world as we now know it" are going to become very different. In America, the entire "H-1B and L-1 Visa" programs might be wiped-out, as we belatedly realize that it does matter where your workers come from when you're bombing the hell out of their or their neighbor's countries. The "Starbucks company" will vanish, to the consternation of coffee-shops everywhere. Professional licensure and mandatory security-clearances of various sorts will become the law throughout the world.

As an industry, we blithely promised that our technology would provide "security," such that either there was no "adverse human factor," or that it just didn't matter because every one of us comes equipped with a halo. Well, as trillions of dollars disappear, and as a dim-bulb light of realization begins to turn-on that there just might be a terrible risk(!) associated with rampant computerization and the indiscriminate dissemination and sharing of highly-personal information ... the backlash could be enormous w-h-e-n it arrives. But, none of us may have any right to "act surprised."

Our military-industrial complex also confidently told policymakers that their technology would provide "security." That, if they would just consent to spend ##CLASSIFIED## dollars every ##CLASSIFIED##, they could all rest easy. Unfortunately, the presence of vast sums of money fossilizes human thought into "granite group-think." It actually isn't difficult at all to see where the gaping holes are, yet ... "there are none so blind ..."

Last edited by sundialsvcs; 05-17-2016 at 10:55 AM.
 
  

