Of course there is an xkcd for that.
https://xkcd.com/2057/
The number one thing worrying infosec bods right now is… yup, you guessed it, a giant targeted attack that KOs their employers' systems. This fear was seconded – though not closely – by the threat posed by the people with whom they make small talk at the water cooler: their org's very own blabby, policy-swerving, "oh-I'll-just …
It wasn't "What do you think you need to say to make sure you keep getting paid?", it was "What scares the bloody life-force out of you?".
Speaking as an IT security type, I totally agree with the fears, and that is just professionally speaking.
If I actually sat down and allowed myself to worry about the larger picture of Cybersecurity/Infosec and how it affects my personal life, professional life, future, etc, instead of trying to fix my small area of it one increment at a time, then I might just end up a gibbering wreck.
The fact you put such an unhelpful comment as AC implies you either are extremely ignorant of the way things work here in the real world, or know you are just dead wrong, but have a chip on your shoulder against security types for some reason.
BUT being the paranoid pragmatic type, I am aware it could be both...
You're just paranoid until it happens. Do you cover your house in CCTV and alarms, or do you wait to be burgled before installing them?
Getting secure in IT is just such a ball ache. It requires an incredible amount of work, for something that might never happen. Personally I try to do half of it, but I'd be screwed if targeted.
My question is just whether I am paranoid enough.
If you were, you probably would have gone on a rant concerning the phrase "mission-critical cloud services". Ceding the responsibility and control of the bits of your company that must absolutely work in order for the company to go on seems insufficiently paranoid to me. I get there are business reasons and things that can be done to mitigate risk, continue operations, et cetera, but besides the issue of who's to blame when things inevitably go in the crapper is the fact that cloud security is still an area that is relatively immature. Want to use them as a COOP solution? Makes sense. Can they allow rapid scaling of existing resources? Sure. Would a truly paranoid security person recommend you put all of your eggs in that particular basket? Only if you want omelettes.
Security professionals are worried about a bad hack? Which would expose them as not doing their jobs well enough and thus might get them fired? Color me shocked!
In other news, company fire safety officers are most worried about a deadly fire at their employer, company fraud prevention officers are most worried about a fraud that costs their employer millions, company lead security officers are most worried about a theft or unauthorized personnel able to access their employer's facilities, and so on...
Black Hat opined this shows "growing scepticism among European security professionals with regard to the ability to protect user privacy".
Seconded. It is One of those Simple Impossibilities One has to Deal with. Move SWIFTly onto Better Use of Customer Client Information or Stagnate in Needless Debate with Oneself over Superb IntelAIgent Sources.
Yes, but they could not admit that it's their little backdoor they built into the servers that is going to allow the server to be whacked in some not so humongous attack. And further, all it will take is a kiddie with a dirty Wifi toy next door to their home, after they leave the VPN open for too long in admin mode.
If we get hacked, I will be out of a job,,,, YIPPIII
I mean darn, NOT, I want to live in a world without electricity. I'm sick of being worried all the time, looking for IOC every fricking place. Info Sec work has made me so paranoid that if I see my home router blink when I'm not doing anything I jump aghhhhhhhhhhh
One of the best things about the European GDPR law is that it pushes companies to decide what data they gather, and how long they keep it. Data that is not there cannot be stolen.
And in my personal experience of large European companies, they take their GDPR processes very seriously already. The data that my clients (telecom, banking, insurance, etc) could potentially gather on their users has major privacy implications - but fortunately, GDPR is ensuring that it is suitably trimmed and anonymized. IMO, the GDPR has brought major benefits for privacy; I shudder to think what happens in countries without such protections.