Cloud Security Alliance says infosec wonks would pay $1m ransoms Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with …
I won't comment on spacing on "$1m", but at least capitalize the M since it supposedly means millions not millis?
I have seen both m and M used so I had a quick look online. There does not seem to be any widely used standard for this. In fact, there is a bit of confusion on the topic - I found style guides providing contradictory advice. I guess the best thing is to use what your audience finds acceptable and to be consistent with whichever you choose.
I have seen both m and M used so I had a quick look online.
Because the internet is so authoritative a source, right.
'm' and 'M' are SI prefixes for "milli" (one thousandth) and "Mega" (one million), and there is absolutely no confusion on that point. If the 'm' here were being used as an SI prefix, though, I'd expect it immediately to precede the unit ('$') rather than to be separated from it by the value, so there is room for uncertainty.
Had the piece said "m$1" rather than "$1m" I would be quite certain that one milli-dollar was what was meant (if not what was intended).
I should have thought that one of the first things that should be done to discourage this sort of extortion was to make it illegal to pay the ransom ... maybe it already is (IANAL) in which case that gem should be made more widely known.
I wouldn't like it to be MY database that got encrypted, but knowing I couldn't legally pay the ransom might encourage me to take a bit more care of it in the first place.
Telling a survey like this one that you'd be happy to pay must just encourage the scumbags.
... why they don't pay a cognizant professional network security person $95,000/year to prevent the problem in the first place?
Oh,wait ... that would suggest Manglement is clueless about the actual functionality of TehIntraWebTubes. The investors would NEVER put up with that, now would they?
Good design, penetration tests and any remediation actions are significantly less than this.
Perhaps if they started with appropriate budget and infrastructure, a regular patching and testing regime they could save a lot more in the long run. After all, paying the ransom seems to be a lot easier to achieve than getting a business case through the Spanish inquisition, getting budget, getting resources and doing the work.
I also bet that after paying the random, there is no budget left to fix any defects, so the stable door is left ready for the next bunch who rock up.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
