
All security is a balance between risks and costs, in this case productivity.

If I believe the Verizon DBIR reports -- and I do -- around 20% of breaches are straight up errors, screw-ups, and accidental disclosures.

After that it's hacking web applications, at around 30% of the breaches.

Keeping these things from happening starts on the developer level, and if I find out a software suite that I'm using in the Enterprise ain't doing their security due diligence then they're fucking gone, like ASAP; security for highly vetted, well-protected systems is hard enough, and those people are trying.

> Many skilled people had been caught doing 'cybercrime'

There is getting in, getting out, and getting in and out cleanly. Just cuz they didn't get out cleanly and got arrested -- eventually; could be 4 years later -- it doesn't mean they can't do massive damage until then. Shutting down work, destroying data, exposing secrets, whatever.

And these are the ones that you can arrest, cuz plenty of them won't be in countries that will extradite.


