FUD vs Cassandra Warnings - Ignorance vs Apathy - Snarks and Boojums
We have moved into the age of cyberwar and cyber warfare. IT professionals, legal professionals/law enforcement and conventional security personnel without cyber warfare experience and expertise will no longer be adequate to meet present and future challenges and threats.
Got you upset and/or angry? Good! Get upset and angry, as your companies will be facing the fights of your corporate lives. :D (Enough Fuddish porridge/gruel for ya? Want some more? Spread thickly, and lotsa lumps too: ransomware frenzy, where incompetence at IT basics or suspect corporate decision making leads to paying as the means to deal with any ransomware, we're thinking ;) :-P )
2018 Thales Data Threat Report - Global Edition Key Security Statistics
67% of global enterprises have now been breached – 73% in the U.S.
42% of enterprises breached this year had been breached in the past
79% increased IT security spending – and the data breaches didn't even slow down
Conventional security does not work (if it ever really did) and is outclassed/overmatched by attackers.
The attacks so far have been minimal in impact/damage, 'irritation attacks', but that is now changing. The Maersk NotPetya damage, for example, resulted in a charge of $300MM in first-order losses/costs.
White to black and black to white: organising for cyberwar, a next-gen cyber warfare (cyber special operations) focused presentation, including a white/public presentation.
"It is far easier to destroy than to build", but both are necessary to defend. Meltdown to Spectre (past and present) to Skeletor (variant family) to Caprica (present and future) threat vectors, and zero defense against same in conventional practice amid millions of deployments (a Takata-scale airbag problem analogue) in private, public and especially cloud operations.
How to tell the difference between FUD and Cassandra warnings? It is difficult for those who do not have intimate, deep and granular knowledge of security, but smart people can learn to differentiate if they make the effort, read and research, listen to their gut feelings backed by good judgement of whom they talk to and with regarding security and IT, and don't fall for the 'flavour of the month' tech or 'sec/data/devops/secdevops guru' fad. Not so easy, is it? Especially since so many are indoctrinated into conventional security 'group think', even and especially senior security stakeholders and senior corporate types who think, for example, that a lawyer with no hands-on experience nor sector expertise can run and direct a security campaign simply because they have executive-level capability.
Much like the fallacy that a good exec can run IT in this insecure day and age while ignoring and/or being apathetic about security, by 'hiring' the right IT people to do the hands-on work. Classic examples of the Peter Principle: George McClellan and the Army of the Potomac, the former CIO of Target during the breach, Marissa Mayer at Yahoo, etc.
https://www.huffingtonpost.com/bill-fawcett/10-of-the-greatest-leader_b_2057685.html
Cassandra warnings are ignored by many and most, but that is the nature of Cassandra warnings. There is also the boy-who-cried-wolf effect, with news of breach after breach after breach becoming habituated and normalised. But remember, the wolf (wolves) came in the end, and with catastrophic impact.
For bankers, barristers, brokers, butchers, and even billiards and candlestick makers: better up your game. Get some people who aren't "conventional, stuck in the past", obsolete and outdated tactical-only 'blinky box thinkers' and 'armchair generals'. ;) :D
It used to amaze us: the lack of understanding, the conventional mindsets, the willful ignorance and the overconfident assurance that "we can't be jacked" - "we are secure" - "we know what we are doing". :-o
Mostly, the failure to adapt to dynamic and changing conditions, or 'dealing' with them by patching with more and more band-aids. ;) :P
Example: trying to keep old tech, ATMs, coping in a different age. Gonna patch a leaking boat with moar band-aids? Treat cancer with acne skin cream? ;) :D
Adapt or die :) (most people seem to be using credit cards; wonder when the fees get outweighed by the losses - the formula => profit - loss = zero or less :D)
https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/
"Warre cried the shrews. Warre hissed the lizards. Warre shrilled the Queen of mice and Warre bellowed the Senator frog."
"This is supposed to be a time of peace… so the world has literally, in that regard, been turned upside down from protecting civilians in times of war to attacking civilians in times of peace."
"We can identify the gaps and then we need to fill those gaps in with, as we've said, a new Digital Geneva Convention," he said.
https://www.cnbc.com/2018/01/26/microsoft-calls-for-new-digital-geneva-convention-after-spate-of-high-profile-cyberattacks.html
Yeah... no. ;) :D (This is not a legal matter, it is cyberwar/cyber warfare.) Possibility of huge liabilities for tech companies, O/S and cloud, so multi-government national indemnity and 'cover'? Or settlements a la cigarettes or faulty cars?
Thinking this was meant to spur multi-national liability coverage vs GDPR and similar actions.
Adapt or die, the times they are a-changing ;) :D
https://www.youtube.com/watch?v=nZj43rtoEp4
A question: do you still think in terms of 'cyber criminals'? If so, you may want to reset your horizon, focus and viewpoint: zero your sights downrange, and 360 by 360. ;) :D
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
7 years
https://www.dhirubhai.net/feed/update/urn:li:activity:6370873704154480640/
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
7 years
When people say that the flu is not as serious as ebola, but Spanish flu of 1918... I think you do not see the fundamental weakness(es) that Spectre shows/indicates in kernel level access. Kernel 'tuning' allows for some spectacularly bad impact (time spent playing with kernel level optimization/customisation for everything from OLTP to ERP loads) ;) As some point out, the direct approach/first effect may not be that bad, but the underlying weakness and wedge point may be and prob is far far worse. ;) :D What you're missing is why even full Harvard architecture uC and of course Intel, ARM, AMD, vector and signal processors can and have been exploited and will continue to be exploited and exploitable. ;) :D
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
7 years
https://www.dhirubhai.net/feed/update/urn:li:activity:6364857986875297793/ what's going on? - 4 Non Blondes ;) :D https://www.youtube.com/watch?v=6NXnxTNIWkc
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
7 years
https://www.dhirubhai.net/feed/update/urn:li:activity:6363507752165261312/