• chris002@feddit.uk
    1 year ago

    Can anyone explain why data breaches appear to be increasing and large organizations appear powerless to prevent them?

    • Blackmist@feddit.uk
      1 year ago

      I’ll put money on out-of-date OS and lack of budget for any kind of upgrades.

      I’ve just filtered my incoming bug reports by people still running Windows XP. Almost all of them are pharmacies. You tell them to upgrade, and that they’re not PCI-DSS compliant. For 9 years.

      The rest of the NHS is likely even worse.

      Sad thing about IT security, it’s one of those things that costs money and you don’t see the benefits. Only the catastrophic failures.

      • tony@lemmy.hoyle.me.uk
        1 year ago

        ‘Why are we paying all this money out when we could just save the money and never upgrade’ – some manager, somewhere.

    • BrikoX@lemmy.zipOP
      1 year ago

      It’s a lot of multiple factors: opportunity cost, the increase of online users due to the pandemic, work from home, but the biggest one being that companies/governments don’t care about customer/user data, so they do the bare minimum required by law to secure it. Which makes them an easy target. Getting breached is just part of doing business, and a lot of private companies just pay ransomware and go back to normal business.

      • chris002@feddit.uk
        1 year ago

        I would have thought the Information Commissioner’s Office UK would have the power to issue hefty fines. Mind, it sounds like those may be the consequence of doing business as well. Depressing.

  • HipPriest@kbin.social
    1 year ago

    I was doing contract work for Barts when this exact same thing happened to them 5 years or so ago with WannaCry. If I was in their Information Governance team I’d be demanding a massive investigation into why patient data has been compromised in the exact same way yet again.