Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow

The number one thing worrying infosec bods right now is… yup, you guessed it, a giant targeted attack that KOs their employers' systems. This fear was seconded – though not closely – by the threat posed by the people with whom they make small talk at the water cooler: their org's very own blabby, policy-swerving, "oh-I'll-just …

  1. eswan

    Of course there is an xkcd for that.

    https://xkcd.com/2057/

  2. chivo243 Silver badge
    Coat

    How does the saying go?

    You're only paranoid until they get you?

    I would hate to live like that.

    Now where's that tinfoil hat icon?

  3. Anonymous Coward

    Of course they are going to spread fear and worry, it keeps them all in a job.

    1. B*stardTintedGlasses

      It wasn't "What do you think you need to say to make sure you keep getting paid?", it was "What scares the bloody life-force out of you?".

      Speaking as an IT security type, I totally agree with the fears, and that is just professionally speaking.

      If I actually sat down and allowed myself to worry about the larger picture of Cybersecurity/Infosec and how it affects my personal life, professional life, future, etc, instead of trying to fix my small area of it one increment at a time, then I might just end up a gibbering wreck.

      The fact you put such an unhelpful comment as AC implies you either are extremely ignorant of the way things work here in the real world, or know you are just dead wrong, but have a chip on your shoulder against security types for some reason.

      BUT being the paranoid pragmatic type, I am aware it could be both...

  4. A.P. Veening

    Paranoid

    My question is just whether I am paranoid enough.

    1. jonathan keith

      Re: Paranoid

      If you even have to ask, the answer is "no".

      1. robidy

        Re: Paranoid

        In the tech world it's paranoia... everywhere else, worrying about the threat/competition is being an entrepreneur.

        1. Peter 26

          Re: Paranoid

          You're just paranoid until it happens. Do you cover your house in CCTV and alarms, or do you wait to be burgled before installing them?

          Getting secure in IT is just such a ball ache. It requires an incredible amount of work, for something that might never happen. Personally I try to do half of it, but I'd be screwed if targeted.

    2. Anonymous Coward

      Re: Paranoid

      We would tell you, but then we'd have to kill you.

    3. Robert Helpmann?? Silver badge
      Childcatcher

      Re: Paranoid

      My question is just whether I am paranoid enough.

      If you were, you probably would have gone on a rant concerning the phrase "mission-critical cloud services". Ceding the responsibility and control of the bits of your company that must absolutely work in order for the company to go on seems insufficiently paranoid to me. I get there are business reasons and things that can be done to mitigate risk, continue operations, et cetera, but besides the issue of who's to blame when things inevitably go in the crapper is the fact that cloud security is still an area that is relatively immature. Want to use them as a COOP solution? Makes sense. Can they allow rapid scaling of existing resources? Sure. Would a truly paranoid security person recommend you put all of your eggs in that particular basket? Only if you want omelettes.

    4. Potemkine! Silver badge

      Re: Paranoid

      Even paranoids have enemies.

  5. DougS Silver badge

    Well no duh

    Security professionals are worried about a bad hack? Which would expose them as not doing their jobs well enough and thus might get them fired? Color me shocked!

    In other news, company fire safety officers are most worried about a deadly fire at their employer, company fraud prevention officers are most worried about a fraud that costs their employer millions, company lead security officers are most worried about a theft or unauthorized personnel able to access their employer's facilities, and so on...

    1. Anonymous Coward

      Re: Well no duh

      I want to get to the point where I worry that the latest IoT device that we have declared "ready for market" might flood the office space with a deadly neurotoxin.

      1. stiine Bronze badge
        Coffee/keyboard

        Re: Well no duh

        "I want to get to the point where I worry that the latest IoT device that we have declared 'ready for market' might flood the office space with a deadly neurotoxin."

        Well, thanks, I hadn't thought of that one...

  6. amanfromMars 1 Silver badge

    Who Dares Win Wins

    Black Hat opined this shows "growing scepticism among European security professionals with regard to the ability to protect user privacy".

    Seconded. It is One of those Simple Impossibilities One has to Deal with. Move SWIFTly onto Better Use of Customer Client Information or Stagnate in Needless Debate with Oneself over Superb IntelAIgent Sources.

  7. Doctor Syntax Silver badge

    "Despite that, just a third thought their employers' compliance was good."

    The breakdown is likely to be a third good now, a third good once they've seen a few others get big fines and a third good after they've had fines.

  8. Obesrver1
    Coffee/keyboard

    Excuse me.... but,... is that YOUR backdoor?

    Yes, but they could not admit that it's their little backdoor they built into the servers that is going to allow the server to be whacked in some not so humongous attack. And further, all it will take is a kiddie with a dirty Wi-Fi toy next door to their home, after they leave the VPN open for too long in admin mode.

    1. Destroy All Monsters Silver badge

      Re: Excuse me.... but,... is that YOUR backdoor?

      Why are PHBs commenting here and will no-one rid us of their pesky presence?

  9. Anonymous Coward

    I can only hope

    If we get hacked, I will be out of a job... YIPPIII

    I mean darn, NOT, I want to live in a world without electricity. I'm sick of being worried all the time, looking for IOC every fricking place. Info Sec work has made me so paranoid that if I see my home router blink when I'm not doing anything I jump aghhhhhhhhhhh

  10. simon2018

    GDPR

    One of the best things about the European GDPR law is that it pushes companies to decide what data they gather, and how long they keep it. Data that is not there cannot be stolen.

    And in my personal experience of large European companies, they take their GDPR processes very seriously already. The data that my clients (telecom, banking, insurance, etc) could potentially gather on their users has major privacy implications - but fortunately, GDPR is ensuring that it is suitably trimmed and anonymized. IMO, the GDPR has brought major benefits for privacy; I shudder to think what happens in countries without such protections.


Biting the hand that feeds IT © 1998–2019