by gunapologist99
1586 days ago
What cost? There is literally zero cost. Unless a successful attack actually occurs, in which case it's literally almost priceless in terms of their reputational damage, unless they can get their hands on it before someone else.
But, if you ask around enough with security teams at the large cloud providers, there are definitely rumors of APT-level activity being detected/blocked at the infra level. Yet, cloud is still the most secure option out there vs. on-prem in 90% of the use cases for it, so to speak. Similarly, there is just too much precedent of high-trust firms being breached, and nothing really happening to them as a result (fines, loss of users, etc).
So, you allocate $1mil, possibly spend it, and either way can't use it for anything else, or you allocate a fixed cost of $600k/yr and get a lot more out of it on the security front, to include solid defense-in-depth, detections, and IR capabilities for if/when the successful PWM attack finally occurs. Personally, yes probably worth putting out a hefty bounty, but pragmatically you'd get more out of hiring the engineers.