Skip to content

Why spend money on Security prevention?

Hacker attacks occur for many reasons:

#1 Highest reason for an attack is to make money from the attack

8/19 Hackers hack Medical company - 4.5 million data sets stolen

8/5 Synology devices get ransomware

8/2 Jimmy John's credit card breach investigation

7/15 NASDAQ was owned 2005 - 2012 Arstechnica story

#2 2nd reason to attack your systems and network is to use your computers on the network to attack other computers (to make money or for political ends)

7/28 elasticsearch vulnerability could cause DDOS attacks

3/15 WordPress vulnerability can be used to attack other sites

#3 next reason to hack computer networks:  Just because the hacker can -

The hacker may just want to test their computer skills

 

Can a business afford to take a chance?

As Bruce Schneier frequently talks about in his speeches and blog

The You tube video linked is a good review of the issues of incident response.

The most interesting item to me is the psychology of security that is included near the end of the video:

Humans are naturally risk averse in gains and risk seeking in losses.

This means that most people will not pay for a vulnerability scan or other security cost. The initial inclination is to take the risk.

Also if there is a risk in a potential gain we will not go the riskier route.

 

Here are the actual areas in Bruce Schneier's web blog:

Prospect theory:

"

Prospect Theory

Here's an experiment that illustrates a particular pair of heuristics.12 Subjects were divided into two groups. One group was given the choice of these two alternatives:

  • Alternative A: A sure gain of $500.
  • Alternative B: A 50% chance of gaining $1,000.

The other group was given the choice of:

  • Alternative C: A sure loss of $500.
  • Alternative D: A 50% chance of losing $1,000.

These two trade-offs aren't the same, but they're very similar. And traditional economics predicts that the difference doesn't make a difference."

 

 

Leave a Reply