back to article CISOs face 'perfect storm' of ransomware and state-supported cybercrime

With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry. "There's this marriage right now of financially motivated cybercrime that can have a critical …

  1. Anonymous Coward
    Anonymous Coward

    "The benefit of a hybrid environment is you get to work the few people you kept to death while dumping the majority of the work on automated systems and cheap offshore labour. It's a win-win solution -- except for the techies that now have double their old workload.

  2. Mike 137 Silver badge

    The $64,000 question

    Do you trust a 3rd party implicitly, or do you put in place some kind of security buffer between you and them?

    '"It can take a simple third-party logistic organization to shut down your entire organization..."'

    Over the years I've seen far too many unmonitored permanently open VPNs to 3rd parties "because they need access". Every single channel to the outside world must be actively security checked - that's a basic part of resilience, so stating that "cyber resiliency plays a key role in recovering from an attack" is missing the point (indeed the meaning) of resilience. Stopping as many as possible of the attacks getting through in the first place is its most important element.

  3. Anonymous Coward
    Anonymous Coward

    What.....No mention of attacks like the SolarWinds compromise?....

    .....where a legitimate update to a well known application......

    .....resulted in the start of an attack by bad actors!!!

    So.....do these CISO folk actually know that the development environments of EVERY software supplier (and some hardware suppliers) is secured against development-based attacks?

    Ref: https://wiki.c2.com/?TheKenThompsonHack << This one is about internal hacks

    Ref: https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack?t=1647634891383

    Ref: https://www.tomshardware.com/uk/news/cisco-backdoor-hardcoded-accounts-software,37480.html << ...and these ones might have originated in Fort Meade

    No....I didn't think so!

  4. Mellipop

    Security doesn't happen by managers creating a plan.

    It needs constant planning. And that mean having a permanent officer whose job is test the resilience, the weaknesses, the entry points, the assumptions.

    Because assumptions are the mother of all f**k ups.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like