this post was submitted on 24 Dec 2023
345 points (99.4% liked)

Technology

58012 readers
2998 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
345
Mint Mobile discloses new data breach exposing customer data (www.bleepingcomputer.com)
submitted 8 months ago by [email protected] to c/[email protected]
49 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 8 months ago (3 children)

Is it just me or has 2023 been the year of the data breach? Maybe they are just larger or more widely reported. Just seems like there have been a fuck-ton of them this past year.

[–] [email protected] 9 points 8 months ago (1 children)

Hackers-for-hire on the darkweb is big business these days

[–] [email protected] 11 points 8 months ago (2 children)

While true, I'm not convinced that fully explains it. Having been in IT nearly 2 decades I feel like the second piece is cybersecurity budgets getting slashed. A lot of them have been super-basic shit like someone clicking on a malicious link.

[–] [email protected] 5 points 8 months ago

Yeah, some youtube videos that cover basics and hiring a firm after a breech is pretty standard it feels.

[–] [email protected] 3 points 8 months ago

Oh for sure, didnt mean to imply it was the only reason.

Spearphishing high-value targets, or even just phishing a company's email roster are very very common practices because they yield significant results.

Theres also the "insurance approach" to cybersecurity, where its cheaper to run PR for a little while and/or take out insurance policies against cyber attacks such as ransomware. The latter is a key factor as to why many companies dont mind paying the ransom at all.

[–] [email protected] 4 points 8 months ago (1 children)

I bet 2024 will have more. More stuff is online and we don't seem to be getting any better at securing it.

[–] [email protected] 8 points 8 months ago

I don't think the problem is "we" securing things (we being cybersecurity professionals). I think the problem is companies seeing that it's cheaper to take the PR hit, pay the ransom, pay for cybersecurity insurance, etc than it is to pay for a properly secured network.

Cybersecurity is hard (citation needed) and costs a lot of money (citation needed). If a company figures it's cheaper to have a breach and deal with the fallout than it is to properly secure shit I can promise you what will happen.

As always, follow the $$$.

[–] [email protected] 2 points 8 months ago (1 children)

Profit > Security. These companies don't care so long as the consequences don't affect profit significantly enough. Infosec is always an afterthought, if considered at all.

[–] [email protected] -1 points 8 months ago

Stupidest thing I've ever heard, you've clearly never worked for a company that's dealt with a customer info data breach. It costs them massive amounts of money to clean them up, pay for identity protection (never take that) and the PR alone costs them more in the end.