A think tank called Public Policy Exchange is hosting a conference on cyber security in London today. Some of the recent UK Government statistics are eye-opening.
Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month. The total cost is about £34 billion pa. Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
You are correct with your points. If it's not making money then they do not see a reason to spend money on it. What they fail to realize is that if they don't spend money on it, it could cost them a lot more down the road.
Quote:
Originally Posted by hazel
A think tank called Public Policy Exchange is hosting a conference on cyber security in London today. Some of the recent UK Government statistics are eye-opening.
Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month. The total cost is about £34 billion pa. Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
This sounds like a business opportunity to me. I've noticed that stolen credit cards (a rampant problem in the US) usually result in someone besides the card holder paying for the losses. It's not clear to me if it's the retail business or the bank or the card company (e.g., Visa or Mastercard) that foots the bill, but that bill must be HUGE.
In the UK, if your card is stolen and you report it straight away, I think you have to pay the first £50 but the bank pays the rest. But if you are tricked into transferring your account to a criminal, you lose. The bank won't cover it because you actually instructed them to make the transfer, and obviously you had the authority to do that.
Banks have also said that they won't pay out any more for phishing scams because everybody is supposed to know by now what a phishing email looks like. Following one to a dud banking site is considered wilful negligence.
Quote:
Originally Posted by hazel
Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month.
I'm pretty sure that I've seen those figures, or something like them, before.
At first I was a bit shocked, but then I thought 'well it doesn't say successful Cyber Attack'. If all it amounts to is that someone tried to get in to ssh with the password 'password', and gave up on first failure, I'd be surprised that it wasn't a lot more.
Quote:
Originally Posted by hazel
The total cost is about £34 billion pa.
Again a shocking number but given how people arrive at these numbers I'm not going to go believing that £34 billion is an actual cost. Mind you even if it were half that you would still think 'this is a big number...a very big number'.
Quote:
Originally Posted by hazel
Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
Now there is something I can take at face value and be worried about.
You might want to read Kevin Mitnick's book 'The Art of Deception', which describes in detail how naive employees can be seduced into giving away information valuable to a cracker. They simply don't realise how valuable such information can be and how it might be used.
Quote:
Originally Posted by sneakyimp
It's not clear to me if it's the retail business or the bank or the card company (e.g., Visa or Mastercard) that foots the bill,
Usually it's the "bank", although there is now a push in the US to change some of that and make retail businesses responsible for certain types of fraud if they aren't using Chip/PIN authentication. VISA/MASTERCARD are "program providers"; they generally are the "knitting" that allows transactions on cards to be authorised. (Generally) "they" don't authorise transactions; they provide a mechanism for the "payment service providers" to connect with the authorisation service of the "card issuer", which may not even be the actual issuing bank.
Quote:
Originally Posted by sneakyimp
but that bill must be HUGE.
It may seem huge to you, but it's a tiny fraction of transaction values. There's also an "acceptable loss" concept, same as any business. Banks (and I use that word very loosely, as there are many links in the chain from merchant to bank) are in business; if it's going to cost them $x00 to investigate a $20 fraudulent transaction, do you think they'll do that? Or do you think they'll take the hit and refund the transaction? Hint, it's not the first one!
Quote:
Originally Posted by hazel
A think tank called Public Policy Exchange is hosting a conference on cyber security in London today. Some of the recent UK Government statistics are eye-opening.
Apparently two thirds of large British businesses have had a cyber attack in the past year, and one quarter get attacked nearly every month. The total cost is about £34 billion pa. Yet in most companies there is little staff training on cyber security, and the board of directors usually only get to discuss it when there has actually been a breach. The rest of the time, it's considered to be the responsibility of the IT department.
Scare the users..LOL..
I think having a lunch training once in a while on IT Security awareness would help.
Cyber Security requires every user who has access to the Internet to do his/her own part and be responsible when online. No matter how good the IT infrastructure is, if you have one user who just clicks here and there, I guess all the IT setup is useless.
Proper budget allocation for IT Infrastructure should be considered, not just a budget for sales/marketing department.
It's only a (short) matter of time, now, before the official, policy-making thinking concludes: "these must be inside jobs!"
And, when that happens, a whole lot of things in "the I.T. world as we now know it" are going to become very different. In America, the entire "H-1B and L-1 Visa" programs might be wiped-out, as we belatedly realize that it does matter where your workers come from when you're bombing the hell out of their or their neighbor's countries. The "Starbucks company" will vanish, to the consternation of coffee-shops everywhere. Professional licensure and mandatory security-clearances of various sorts will become the law throughout the world.
As an industry, we blithely promised that our technology would provide "security," such that either there was no "adverse human factor," or that it just didn't matter because every one of us comes equipped with a halo. Well, as trillions of dollars disappear, and as a dim-bulb light of realization begins to turn-on that there just might be a terrible risk(!) associated with rampant computerization and the indiscriminate dissemination and sharing of highly-personal information ... the backlash could be enormous w-h-e-n it arrives. But, none of us may have any right to "act surprised."
Our military-industrial complex also confidently told policymakers that their technology would provide "security." That, if they would just consent to spend ##CLASSIFIED## dollars every ##CLASSIFIED##, they could all rest easy. Unfortunately, the presence of vast sums of money fossilizes human thought into "granite group-think." It actually isn't difficult at all to see where the gaping holes are, yet ... "there are none so blind ..."
Last edited by sundialsvcs; 05-17-2016 at 09:55 AM.