.

Companies always take actions too late.

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu May 21, 2009 9:38 am

Companies always take actions too late.

I just read an article in a news paper about how some attackers stole $1.2 millions in a few minutes, but I begin to laugh when they begin to take actions about how the employees surf on internet and other security actions AFTER THEY GOT THE INCIDENT.

I have a supervisor that always tells me, we never got that kind of problems, so do not worry, jajajajaja, It is very difficult to change their mind. It is necessary to be pro-active.

This is the link:

http://www.chron.com/disp/story.mpl/bus ... 34202.html
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Fri May 22, 2009 8:48 am

Re: Companies always take actions too late.

That sentiment is pretty common. Sadly, "we aren't a big enough target", or "it'll never happen to us" are heard too often.
twitter.com/timmedin | http://blog.securitywhole.com
<<

Artful Dodger

Newbie
Newbie

Posts: 43

Joined: Tue Apr 29, 2008 8:58 am

Post Fri May 22, 2009 10:20 am

Re: Companies always take actions too late.

so so so true.  I run into this every single day.  It makes no sense.  but really it is just ignorance.  If you dont understand the digital world it is hrd to understand the threat.  Most people think "I have no idea how to do that or why you would do that, so I bet prety much everyone else is in my shoes."  But those same people would never say "I like to leave my doors and windows open when I leave the house.  Ive never had an issue with burglary, so..."  that is because they can feel see and touch the issue.  I think:)
CISSP, C|HFI, Security+, Network+, XYZ...blah.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri May 22, 2009 10:58 am

Re: Companies always take actions too late.

You will not bealive this: my supervisor (IT manager) with 11 years in this company says the same, no body it is interesting to attack our company.

And when one of his programm does not work he said inmediatly: Too much security, too much security.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Orhan

Newbie
Newbie

Posts: 14

Joined: Wed May 20, 2009 2:26 pm

Post Sat May 23, 2009 8:21 am

Re: Companies always take actions too late.

Changing technology is easy...changing culture is hard. I think changing this cultural mind set can only be done by constantly making your managers and employees aware of the risks.  Reminding them of the bottom dollar value of a security incident.  reminding them that security is everybody’s problem.

I have implemented the most radical and successful changes to organizations after an 'incident' has occurred.  This seem to be the only time when they are willing to listen...otherwise, it is a constant uphill battle.

I would never say, "if you want to have an accident, buy insurance"...and i would never say "if you want to change your companies security culture, have a security incident!" but security, like life, can be paradoxical. 
We seem to learn best after making mistakes....and the bigger the mistake and the more it costs us, the more likely we are to change.

/<end rant>
GPEN OSCP OSWP CCSE CCSA CHFI..etc
Bronze Swimming certificate..
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Wed May 27, 2009 10:51 am

Re: Companies always take actions too late.

Your right it is a culture and attitude thing.
Organisations look at the risks, and are always looking on the ROI. Sadly with many things companies struggle to see the benefits and enablements that security can and does bring.

As already stated, everyone always thinks it wont happen to them, but the paranoid infosec professional has other thoughts.

We need to put ourselves in the business mindset, and then educate at the right level. The key thing is to document the thoughts and risks as you see them, and plan how you will react when the attack / breach does occur.

Good old human nature.

Return to News Items and General Discussion About EH-Net

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software