it's a tradeoff. you spend time, money and productivity loss (i.e. procedures) on IT security to decrease the risk of a successful attack. every additional dollar spent decreases the probability a bit further (if done right) but your returns are diminishing. at some point it's not worth anymore.
> "The TV5 attack fits into this pattern of highly-targeted attacks, rather than the kind of general criminal activity typically seen on the web."
in my opinion: no matter what kind of business you do, if you fall victim to the "kind of general criminal activity typically seen on the web" you're acting negligent.
then, after a certain point of increased protection attacks drastically decrease for most businesses because you're not worth the time and money it costs to attack you.
but fully secure? i mean, the stuxnet attack is the best counter example.
i compare it to healthy living: by investing time and money and refraining from doing certain pleasurable things you're improving your health and increase the chance to reach an old age. but it's no guarantee - you can still get hit by a car or succumb to cancer at age 20 just due to bad luck.
I think we agree. By doing your best to implement security measures (hire cybersecurity consultants, install the software they recommend, etc.) you are still exposed to risk, just significantly diminished since generally hackers would go after easier targets.
At issue is that many firms do not implement these security measures at all. The Sony people were repeatedly warned and had earlier breeches but didn't want to spend the money it took to follow measures recommended to them until after the attack. I think their mindset is not so unique and that many firms aren't doing what they can to try to eliminate the breeches. In some cases, the issues are internal, but in others customer lists are breeched, etc. or credit cards hacked as in Target, Lowe's, and others.
it's a tradeoff. you spend time, money and productivity loss (i.e. procedures) on IT security to decrease the risk of a successful attack. every additional dollar spent decreases the probability a bit further (if done right) but your returns are diminishing. at some point it's not worth anymore.
> "The TV5 attack fits into this pattern of highly-targeted attacks, rather than the kind of general criminal activity typically seen on the web."
in my opinion: no matter what kind of business you do, if you fall victim to the "kind of general criminal activity typically seen on the web" you're acting negligent.
then, after a certain point of increased protection attacks drastically decrease for most businesses because you're not worth the time and money it costs to attack you.
but fully secure? i mean, the stuxnet attack is the best counter example.
i compare it to healthy living: by investing time and money and refraining from doing certain pleasurable things you're improving your health and increase the chance to reach an old age. but it's no guarantee - you can still get hit by a car or succumb to cancer at age 20 just due to bad luck.