Cybersecurity

5960 readers

364 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

[email protected]

UK Considers Ban on Ransomware Payments by Public Bodies (www.infosecurity-magazine.com)

submitted 21 hours ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

top 6 comments

sorted by: hot top controversial new old

[–] [email protected] 8 points 19 hours ago (1 children)

Well, this is fine, just so long as those "public bodies" all have backup/recovery plans, and backup storage storing just however many minutes, hours, or days that are acceptable to lose data for, when they get hit with ranswomware encryption. it's all a matter of cost, if you have backups, and systems can be wiped, reset, reconfigured, in an acceptable amount of time, then the ransomewarers can get fucked.

If you get hit, and either don't have the backups before the encryption, or taking the time and expense to staff up IT consultants to wipe/reset/reconfigure/test is financially ruinous, then it's you who are fucked, if you're legally barred from paying the ransom (which 95% of the time works just fine, aside from, you know, financially supporting terrorists and terrorist states).

I'd always suggest being prepared with a backup recovery plan, and educating the principals just how long it's going to take from "go" to "back up to where we were functionally before we got hit", how much that's going to cost upfront pre emergency, and projected costs for downtime back to uptime.

[–] [email protected] 10 points 18 hours ago (1 children)

I dunno. The proactive approach you're describing doesn't sound very public sector. Why invest money in something when you could just ignore the issue, cross your fingers and hope it happens to someone else, not you.

[–] [email protected] 7 points 18 hours ago (2 children)

What you said sounds just like the private sector

[–] [email protected] 7 points 14 hours ago

Every sector.

We haven't had dragons attack in 50 years! Why do we still need that wizard with his protective spells?

[–] [email protected] 5 points 18 hours ago* (last edited 18 hours ago) (1 children)

Tbh it was probably a criticism of capitalism more than the public or private sectors. Why consider the long term when you could just cut costs to inflate short term profitability.

[–] [email protected] 5 points 11 hours ago

In the private sector, it's done out of greed. In the public sector, (where nothing is ever properly funded because no one likes taxes) it's done out of necessity.