by lovich
2955 days ago
I mean, can you actually convince execs it's a good idea, no matter how charismatic you are? As a citizen, an engineer, and a consumer I think software and infrastructure security needs to be taken much more seriously due to how much breaches hurt people. But if I was an executive or shareholder? Why would I care? We've seen time and time again how data breaches are just a blip in the stock price, the government doesn't punish anyone for negligence, and if someone manages to take serious money from you the government will go after them on your behalf. Security is expensive, and the odds of you having a breach that actually hurts you for more than a short period seem astronomically low. We have more businesses saying they are shutting down or leaving the EU market over the fact that they can't take user data without permission than we have shutting down because they leaked all their users' data or let hackers in through complete negligence of any modern security practices.
On SWIFT, yes, you can, thanks to their own reply to the Bangladesh incident: a reasonably thorough set of security guidelines called CSP/CSCF (Customer Security Program/Control Framework), compliance with which is now mandatory. Network isolation, 2-factor authentication, secure VDI for access, physical access controls, log retention, it's all in there. It's the perfect chance to get money and people from management and sanitize the situation.
Actually, if in May 2018 you don't already have a running project and resources for compliance, you should be quite worried.