What the Hack!
Every day someone gets hacked. It is so common that we are starting to suffer from "breach fatigue": breaches are becoming so frequent that no one cares anymore.
It is time to wake up! The internet is a very dangerous place and we can never let our guard down. Hacking is bigger than ever and the dark side is winning.
We performed a test and set up an unlisted LAMP stack server on the internet for 3 weeks, and it had over 170K hack attempts in this short period, most of them coming from China. This is a huge number of attacks.
In our research, China is becoming a hacking engine, towering 3 times over the next nation in malicious hosts. Do not think for a second that your business is safe on the internet, no matter how small it is. It will be attacked. Hacking bots are getting smarter and more sophisticated, exploiting a broad spectrum of applications that are published to the internet. It only takes one vulnerable service to become compromised. Instead, start praising your security operations, which are trying to make your corporation safe.
Carefully standardized Reference Geek at ANS Group Plc; JOAT and penguin farmer
9 years ago: Yeah. Lot of C-Suite nonsense out there. "It wasn't our fault, it was an APT." "What does APT stand for?" "It stands for it not being our fault." :D
CISO and Executive Cyber / Digital Transformation Leader
9 years ago: Our biggest problem is corporations are not held liable for breaches. Instead society is letting them pass it off as "it was a sophisticated attack and we couldn't have done anything". When in fact the real story is companies should pay the cost for the people and technology to protect customer PII rather than doing the minimum that PCI, SOX, etc. require. They won't pay this because when a breach occurs the real cost goes to the bank, which simply passes it to the consumer. I believe the only way that companies will do what they need to protect customer PII is for legislation that would allow criminal charges to be brought against C Level personnel and Board members of public companies which are negligent. Similar to SOX. Then public companies will get serious. Until then, we will hear the nonsense of "everyone will have a breach" "you can't stop it", which is just nonsense. There can be a lot more done to stop it. If a company like Mandiant etc. can figure out the breach shortly after, then it could have even been detected before if we only had the budget for proper people and tools.
Information Security and Regulatory Compliance Advocate
9 years ago: Great notice to the executive suite to not let their guard down on their Data Security stance and the teams supporting that effort.
Founder | Advisor | vCISO for SaaS, SMBs, and Salesforce ISVs | 3x CISO with 30 Years of Proven Success
9 years ago: Great reminder Johan Hybinette. It is not an easy job knowing the most attention a security professional generally receives is when something bad happens... not all the behind-the-scenes work and research.