I don’t understand how the timing of these announcements work. Do they wait for all their richest clients to pay the ransom money first? Explore every avenue of deniability until they’re exhausted?
They definitely do a risk assessment on the possible costs of announcing a breach vs the costs of hiding one. I’ve seen a talk where it was pointed out that one of America’s biggest vulnerabilities in its tech sector and general cyber infrastructure is the fact that companies are not legally obliged to announce a leak when it happens.
threaded - newest
Again
I don’t understand how the timing of these announcements work. Do they wait for all their richest clients to pay the ransom money first? Explore every avenue of deniability until they’re exhausted?
They definitely do a risk assessment on the possible costs of announcing a breach vs the costs of hiding one. I’ve seen a talk where it was pointed out that one of America’s biggest vulnerabilities in its tech sector and general cyber infrastructure is the fact that companies are not legally obliged to announce a leak when it happens.