| I assume part of the problem is that it is hard to quantify successes or wins in defense. What is a good way to protect against ransomware? Symantec buries the lede with the answers (possibly because of conflicting business interests) which are 1. Limit end user access to mapped drives 2. Deploy and maintain a comprehensive backup solution http://www.symantec.com/connect/blogs/ransomware-dos-and-don... But really, how do we justify spending thousands of dollars on hardware? I hate myself for saying this but there are real risks of doing too much as well. We could have our own mini tyrannical regime of secure computing a la the TSA security theater. Effective user education is challenging. Even developers are prone to use elevated user permissions where none is strictly required just for the sake of convenience. I know I've found myself right-clicking visual studio and clicking "Run as administrator" reflexively after just a few months of working on ASP.NET and IIS. This is a little off-topic but I imagine the whole funding offense vs defense might be a little more "natural" than we like to admit. Imagine you're a defense manager and there's this other guy who is an offense manager. Just as a football analogy, how do you justify your team's worth when the other team says that there is no good way to quantify the worth of the work you're doing and there is a good way to quantify their team's work? I guess what I'm asking is how do we put a dollar and cent value to defensive cyber security? Can we just ask "How much does the business stand to lose if we lost all our data to ransom ware or worse to a competitor?" or would business think that is overreaching? |