by mschuster91
1158 days ago
> If you are responsible for the security posture and compliance in your organization, reading and acting on security assessments, and yet you do random changes based on random comments on forums, you deserve the blame.

It's not that easy. Of course experienced sysadmins know it's bullshit. The problem is that cybersecurity insurance policies require "immediate action" on alerts, and no one, even assuming a competent CTO, wants to be stuck with the bill should a security incident arise and the insurer say "the audit says none of your machines had mitigated issue xyz, claim denied". Deleting a flagged binary is evidence of mitigation.

The amount of utter bullshit, not to mention the literal spyware that is insurance-compliant antivirus solutions, that insurers force clients to comply with is insane. The core problem is that insurers don't have the time to actually do deep dives to check whether their clients have decent IT security or none at all. Hell, I'd wager everyone here knows of "that one server that never got updates, was in no inventory or whatever, and once the last disk failed suddenly everything else came crashing down". And so, insurers go with a 12-pound hammer to which everything is a nail, as it is the best way for them to be able to underwrite policies with the insane amount of coverage that GDPR and friends expose the clients to.