Paying Ransomware demands...
2 views
Skip to first unread message
liam.soccerfit Gmail
Jun 6, 2019, 10:12:32 PM6/6/19
to intoitsap...@googlegroups.com
A difficult issue...should one pay ransomware or not...but I suppose it is broader moral issue...so perhaps not the stuff of this Google group...BUT...I am a tad surprised with some of the IT practices of a US municipal authority...
Sent from my iPhone
Karl Auer
Jun 7, 2019, 12:18:59 AM6/7/19
to intoitsap...@googlegroups.com
City of Baltimore had "very little backed up", that they were taken in
by a phishing attack and that they were warned three years ago of the
potential danger to their inadequately protected systems. The first is
forgiveable, it can happen, but the rest?
We can also surmise that security inside the City networks was very
poor indeed, because one attacker was able to damage so much.
"The hacker, not the city, is to blame" - Well, no, I don't buy that.
Certainly the hacker is to blame for the attack, a reprehensible and
criminal act. But the City is to blame for the magnitude of the loss.
They were even warned about the problems and the potential for
disaster, and still failed to deal with it.
Just because it's a hacker, we get outraged. But it could have been a
flood, a fire or an earthquake. A large part of the fault lies with the
City for allowing itself to be so vulnerable.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Andrew Larkin
Jun 7, 2019, 12:36:41 AM6/7/19
to intoitsap...@googlegroups.com
This is a comprehensive failure to develop, implement, and execute a risk management plan.
1. The risk of cyber attack was not dealt with when it was identified.
2. The consequences of a successful attack were not dealt with so as to minimise damage
The responsibilities of a manager or director to the stakeholders (shareholders in a company, citizenry in the case of a government) is to achieve the best outcome. $18mil in consequential damages with no end in sight for the sake of a $100k ransom is not the best outcome.
1. The risk of cyber attack was not dealt with when it was identified.
2. The consequences of a successful attack were not dealt with so as to minimise damage
The responsibilities of a manager or director to the stakeholders (shareholders in a company, citizenry in the case of a government) is to achieve the best outcome. $18mil in consequential damages with no end in sight for the sake of a $100k ransom is not the best outcome.
Reply all
Reply to author
Forward
0 new messages