ninekeysdown@lemmy.world
on 22 Sep 2023 11:47
nextcollapse
I think as more gen z enters the workforce we’re going to start seeing more breaches because they’re not going to give a shit when they see someone in the csuite making 1000x what an average person makes. Especially when they can barely afford to eat and need 5 roommates.
If these places want to stop that from happening the best way is to pay your staff EXTREMELY well and setup things like pensions and profit sharing.
ColeSloth@discuss.tchncs.de
on 22 Sep 2023 12:36
collapse
I guess you didn’t read the article or think about what you’re saying?
They aren’t phishing low tier workers. They’re getting executives and people high up in companies to the data they’re after. They aren’t getting in by using an hourly employees info.
It’s the low tier employees that usually monitor for breaches and anomalies and they just won’t give a shit.
gravitas_deficiency@sh.itjust.works
on 22 Sep 2023 15:39
nextcollapse
And “tech debt” (which I’m sure said execs would lump refactoring infrastructural security under) isn’t a new feature that generates money, so it’ll get consistently deprioritized.
thesmokingman@programming.dev
on 22 Sep 2023 16:50
collapse
Cyber gets paid but help desk folks, ops managers, general help staff, and the little people with too much least privilege who actually get shit done usually aren’t.
thesmokingman@programming.dev
on 22 Sep 2023 18:01
collapse
The article explicitly talks about social engineering. If you’ve solved social engineering for the positions I listed, you have effectively ended the need for most security solutions. Yes, we can mitigate its effects, but no, watching doesn’t prevent it which was the context of this thread.
thesmokingman@programming.dev
on 22 Sep 2023 18:15
collapse
You have to define adversary objectives then separate those from normal behavior. Again, you haven’t solved the problem raised in the thread. How are you, a highly paid cyber security professional, going to prevent social engineering from allowing privilege escalation and negative outcomes ranging from fraudulent invoices to knowledgeable, intentional use of applications following expected behavior?
spacecowboy@sh.itjust.works
on 22 Sep 2023 13:00
nextcollapse
Modern day bank robbers.
Potatos_are_not_friends@lemmy.world
on 22 Sep 2023 14:24
collapse
Are we going to pretend like hackers didn’t do this in the 80s as well? Literal teenagers? How many stories just didn’t get exposed because it was hush hush?
p03locke@lemmy.dbzer0.com
on 23 Sep 2023 08:21
collapse
No shit. I thought everybody saw the totally-accurate documentary Hackers.
threaded - newest
I think as more gen z enters the workforce we’re going to start seeing more breaches because they’re not going to give a shit when they see someone in the csuite making 1000x what an average person makes. Especially when they can barely afford to eat and need 5 roommates.
If these places want to stop that from happening the best way is to pay your staff EXTREMELY well and setup things like pensions and profit sharing.
I guess you didn’t read the article or think about what you’re saying?
They aren’t phishing low tier workers. They’re getting executives and people high up in companies to the data they’re after. They aren’t getting in by using an hourly employees info.
It’s the low tier employees that usually monitor for breaches and anomalies and they just won’t give a shit.
And “tech debt” (which I’m sure said execs would lump refactoring infrastructural security under) isn’t a new feature that generates money, so it’ll get consistently deprioritized.
Source: am software+devops engineer
.
Cyber gets paid but help desk folks, ops managers, general help staff, and the little people with too much least privilege who actually get shit done usually aren’t.
Source: am executive with compliance history
.
The article explicitly talks about social engineering. If you’ve solved social engineering for the positions I listed, you have effectively ended the need for most security solutions. Yes, we can mitigate its effects, but no, watching doesn’t prevent it which was the context of this thread.
.
You have to define adversary objectives then separate those from normal behavior. Again, you haven’t solved the problem raised in the thread. How are you, a highly paid cyber security professional, going to prevent social engineering from allowing privilege escalation and negative outcomes ranging from fraudulent invoices to knowledgeable, intentional use of applications following expected behavior?
Read the article.
.
Modern day bank robbers.
Are we going to pretend like hackers didn’t do this in the 80s as well? Literal teenagers? How many stories just didn’t get exposed because it was hush hush?
No shit. I thought everybody saw the totally-accurate documentary Hackers.