06-30-2022, 03:03 AM   #3
DNSB
Bibliophagist
Posts: 46,966
Karma: 169810634
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
Quote:
Originally Posted by Sarmat89
Serves them right. The only scenario the "encryption of certain files" is happening is when a company is too stingy to contract qualified service personnel, or allows some higher-up staff to bypass security policies established by the IT department.
The best way to describe your response is bullshite. I work in IT and all too often, the reason for a security breach is not the company personnel or higher-ups bypassing security policies. Getting in through a third-party contractor (supply chain attack) is currently the most probable path for an attack. Remember the SolarWinds breach? Most likely done by a nation-state hacking group called Nobelium, who used a supply chain attack. Add in zero-day attacks using discovered but not patched flaws in software, malware introduced by multiple methods, insider threats, social engineering, etc.

At my current employers, we have implemented as close to a zero trust environment as we can do and still allow the network access required for people to do their jobs. We've segmented the network to prevent lateral migration. We have done our due diligence and are far ahead of where we were when we started the security improvement project. We have done and are still doing ongoing security training for staff (as one company calls it, the human firewall). We do a lot of automated analysis of network traffic, logins, etc. And yet, we still worry about ransomware, data theft and ghod alone what else.

And yes, I know I sound paranoid—I just don't know if I am paranoid enough. The only way I will know is when we get hacked and then we'll find out if our disaster recovery plan is worth the time and money spent on it.