yeah having to rebuild the entire server infrastructure from analyzed backups is a great time
Don’t worry. AI will do it! /s
AI will do all of it: the defense… and the attack! 🤡
🤖 I’m a bot that provides automatic summaries for articles:
Click here to see the summary
These are just two of the plethora of stories revealed as part of a research piece from the Royal United Services Institute (RUSI) published this week [PDF], examining the untold harms caused by ransomware attacks on organizations and their staff.
One RUSI interview with a security specialist working for a consultancy revealed that a ransomware attack was so mentally damaging, due to their personal identity being so closely tied to their professional success, that the incident drove them to the brink of suicide.
They manifested following different concerns, such as whether the criminals had actually been ousted from the network and whether this would impact the recovery, to the perceived threat of job losses and the infoseccers’ ability to get another position with a “tarnished” track record.
Some cited Post Traumatic Stress Disorder (PTSD) – which the survey’s authors pointed out was not a clinical diagnosis but rather named by respondents in “the non-technical sense used by lay people.”
UK education regulator Ofsted’s role, which involves multiple follow-up surveys following a ransomware incident in the schools sector, caused some security staff to say they felt “raw” long after the attack was mitigated.
The researchers also noted that there are no signs of this stopping, largely due to factors including the sheer profitability of the business model and a blind-eye approach from Russian law enforcement.
Saved 76% of original text.
IT can be pretty fucking stressful. You really have to distance yourself a bit from the work. If you put to much heart in and blame yourself when things go wrong you’ll end up burning out and destroying yourself.
I’ve watched people enter info sec and it actually makes them so insanely paranoid I feel sorry for them. Especially the fella working for the charity that got owned. That’s got to feel awful.
Yup, the reason I’m so good at my job is because I don’t care.
If systems go down, a bunch of rich people will lose some money, but it’s not a life or death situation. And not panicking is pretty much a requirement to work in upper level IT.
Don’t work in medical IT.
It has been literally life and death before.
It’s not ‘insanely paranoid’ when it is correct.
Even the really big boys have shit security and almost no one invests in it.
I was called ‘insanely paranoid’ for not wanting any IoT things in my house even though I am an IT guy.
I told them ‘I don’t want IoT things in my house BECAUSE I’m an IT guy and know what I’m talking about.’
They ignored me of course, even companies that paid for my opinion and services.
And some paid the price, but funny enough that didn’t stop them from insecure practices, it just made them choose another brand of insecure IoT devices to replace the old.
Not all IoT is bad… If you decide to get some cloud IoT and keep it on the main network that’s on you, but you could have a separate vlan or even a separate protocol like zigbee and z-wave to secure these devices and control them locally with home assistant. It might not be good enough for highly sensitive enterprise environments, but more than enough for average Joe who’s not being targeted by APTs or espionage