
What If Street Crime Statistics Matched Those of Cybercrime? - GiulioS
https://secalerts.co/article/what-if-street-crime-statistics-matched-those-of-cybercrime/bcc857ea
======
bransonf
The biggest difference, however, is that almost all cyber crimes are
preventable.

The level of op-sec in most large companies, personal accounts, and even
critical infrastructure is abysmal. Once a vulnerability is discovered and a
patch is released, the bad guys know they have a guaranteed in if they act
quickly enough. And they do. All they have to do is beat the Sysadmins.

Here’s a hypothetical: MS discloses a vulnerability in Word and advises an
immediate update. Well, the SysAdmin is overworked and can’t get to it this
week. Friday, Suzy in HR gets an email with a malicious word doc. She opens
it.

The bad guys are in. And chances are, Word isn’t the only piece of software
that missed a vulnerability patch. The hacker gets privilege escalation and
crypto-locks the computer. And of course, there were no backups of the data.
So, the company pays the 35K or whatever in bitcoin.

Where could this have been stopped?

- Better updating protocols for vulnerable software
- Teaching Suzy in HR not to open random file attachments
- Frequent, immutable backups

Only one of those things has to happen, and you wouldn’t have had to pay a
single satoshi to the bad guys.

