Fix Problems If They Come

Do NOT Pay Attention to Security - Fix Problems If They Come

There are a few people who would rather not pay attention to security, and who do the absolute minimum with regard to PCI compliance or other compliance requirements and regulations.

It will only be after a major attack that the attention of the executives will be focused on security, as in the above image, where a Threatpost article discusses a US pipeline disruption by ransomware.

Until an actual disruption, there is no need to pay attention to actual security processes. As long as IT is working for us, we do not need to ‘focus’ on security. We have a backup – maybe we do not test it and run a recovery to see if it works (since that costs time and money).

It is not as if we have no security; we just do not focus on it.

As you can see from another Threatpost blog post above, about 32% of medical devices are never updated or checked for vulnerabilities.

The problem stems from the manufacturers not focusing on security (because no one is asking for it), so it is not built in.

The problem is multi-faceted, as some equipment is old and runs old operating systems (like Windows Server 2003), which frankly cannot be updated easily.

So we keep going and muddling through.

According to the last image, from the same recent Threatpost blog post, it is a known fact that 35 million radiology studies (medical records) are exposed on the Internet for all to see.

The $4 billion number is likely the sum of many different issues, and because it is so high, it is likely not believable for a specific company.

Many companies that see these statistics think they are not affected. The interesting thing about these types of stories is that most client companies are certain it is not in their interest to spend more time and money, since everyone else is having a problem.

It is an interesting phenomenon that I have recently seen discussed at the RSA Conference by Dr Jessica Barker, the Co-Chief Executive Officer of Cygenta.

She does a great job of discussing some of the psychological issues that we automatically gravitate towards without knowing.

This site has a difficult job in creating cyber awareness when a negative message is ignored and a positive one is likely put at the bottom of the task list.

