Beijing Biden certainly isn’t going to help here.
A bonus to this thread is that I get ads for Infosec & Clearencejobs after reading @LZ1’s links, lol
Good!
Kinda fits here. Localized hacking with fire…
Hit a pay wall 
On 3 Feb my company was hit with a ransomware event.
Its basically shut us down for almost two weeks now. Many of us are attempting to work from home but with only email and workday not much work is getting done.
All of our factories are completely shut down. We cant even physically go in.
Its pretty wild, i cant imagine how much money this is costing us - we do something like $3B/yr in revenue.
Damn, how do they recover from this?
the solution here is to work exclusively for unimportant companies with nothing proprietary and no meaningful secrets that could be monetized.
So, we should be looking for typical government jobs?
2 Likes
Just in the past year the amount of security they added has been relentless. I often have to prove my identity multiple times a day even after entering a password with upper/lower/number/special characters every time I open it. It’s honestly annoying.
lol
tell us a story bruh!
What story? How ransomware groups operate? What initial access methods they use? Nexus with nation states?
Ransomware is pretty much everywhere these days.
Hit our credit union customers hard about a year ago but has calmed down a lot since then. Did teach some people the importance of backups though, especially off site backups, and more specifically why they should pay us to handle that for them.
It’s funny most of the ransomware stuff is human driven these days. A big target is them going after backups first which are often not protected.
1 Like
I see the stuff @lz posts on Twitter and I have no clue what he’s talking about, but it keeps me aware that there’s probably some vulnerability in our process at one of my jobs.
@lz do you have someone you can recommend to do a security assessment of an organization?
I think that’s why it slowed down at our CU’s honestly. People finally got the message to stop opening sketchy emails.
It’s going to completely depend on type of org, budget, regulatory requirements, and overall risk.
For a lot of places it’s perform backups, run an EDR(Microsoft ATP, Crowdstrike, etc), use multi factor on all external login interfaces…Other places its have a multi million dollar budget and a lot of head count.