by acdha 1740 days ago
I like seeing these guidelines, but I definitely have been thinking about this essay from a couple months back, which I think accurately calls the current situation untenable. This is all good advice, but even most government agencies have nowhere near the budget to fully implement it.

https://doublepulsar.com/the-hard-truth-about-ransomware-we-...

> The truth is, while governments are pushing frameworks such as Zero Trust, the amount of orgs who successfully implement these are… not many. Many companies can barely afford to patch SharePoint, let alone patch the tens of thousands of application vulnerabilities shown in a vulnerability management program, and really struggle with accurate asset lists. …
>
> My concern, for years, has been that ransomware gangs have not only closed the loop on monetization, they are also acquiring so much income they are becoming a bigger operational threat than some states.
>
> To give an example, one ransomware group receiving a $40m payment for attacking a cybersecurity insurance company gives the attackers more budget to launch cyberattack than most medium to large organizations have to defend against attacks in total. And that’s just one attack, from one group, that barely made the news radar of most people.
>
> The payment amounts are increasing, the frequency is increasing, the sophistication is increasing.


Goes hand-in-hand with the recent scathing message from Nicolas Chaillan regarding DoD development modernization efforts

https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-ch...

I know the HN discussion had some debate over that (https://news.ycombinator.com/item?id=28408399), but I definitely think there's a lot of good discussion about how to make these problems more tractable. Even in the .gov space, which does tend to treat security as something you can't just brush away, there's generally limited money and resources for actually shipping improvements. Especially challenging are the issues of legacy apps (which probably require Congress to allocate money for replacements) and adequately staffing for O&M (contractors are usually a bad fit, with lower continuity and restrictions on flexibility). Most of the breaches you hear about trace back to something which someone has been complaining about for ages but has been unable to get support for actually fixing.