undefined | Better HN

0 pointsdahfizz4y ago0 comments

> It's supporting infrastructure that needs to be able to withstand reasonably anticipated forces of nature.

Hackers are not a force of nature, they are criminals. This is absolutely no different than someone picking the lock to your front door and stealing all you own. Even if you forgot to lock your door, or failed to install steal bars over your windows, its still not your fault if your house is broken into.

0 comments

8 comments · 4 top-level

dijit4y ago· 2 in thread

If I hire you to secure my house and you remove my front door- you are liable.

Kaseya is a security services company, they’re the ones securing the home, they removed the front door.

shuntress4y ago

Most people (at least, that I know) do not hire private security teams to police their homes.

And the ones that do pay companies for security typically stop at surveillance (cameras, motion detectors, door detectors, etc). These only help to prevent intrusion with the threat of detection (the intruders recognizable face on camera).

Most private buildings are not hardened fortresses capable of state-of-the-art attacks and I personally don't think it's reasonable to expect them to be.

dijit4y ago

Sure, people don't, or at least the kind of people I associate with don't: companies do though.

This was a company hiring a security firm.

theptip4y ago· 2 in thread

A good analogy might be germs. It's probably not reasonable to expect most businesses to have a plan to handle a global pandemic, or to vaccinate the public against seasonal endemics. But it's probably reasonable to expect most businesses to be aware of germs and take appropriate measures to handle and protect against them.

Hospitals being very sensitive to germs, should have strong sanitation protocols. Food processing, likewise. The government should regulate this.

A factory making cars, maybe less regulation is required, though a general baseline prohibition on unsanitary working environments makes sense.

I'd say in the current threat environment, hacking/phishing attempts are closely analogous to the baseline level of attacks that our immune systems are subjected to. Countries that harbor hackers could be analogized to dumping effluent into a river up-stream of a city; it's probably the government's job to clean that up. But also, if the river is unsanitary, in the meantime it's reasonable to be critical of companies that obliviously use it for rinsing vegetables.

Under this analogy, it's both reasonable to expect companies to be aware of germs and take precautions against them, since they are a fact of the environment, and also to want the government to take the lead on cleaning up egregious sources of germs, since that's not something any individual actor could do on their own.

shuntress4y ago

It is better to compare digital crime to that which is more similar: Physical crime.

Unlike germs, these attacks are carried out deliberately by people. Not instinctively by some animal or natural force.

theptip4y ago

Ok, and how would you apply your comparison to the conversation we're having here?

1 more reply

hnick4y ago

Sure, but banks have vaults. There's a continuum on what is reasonable against known risks. No one would accept a bank saying not to victim blame if they had no security. We know they are targets.

Unfortunately, enforcement online is an international sovereignty issue, so everyone is a target due to high reward and low risk. Until changes are made we must be responsible for our own security. We can still blame attackers at the same time.

markzzerella4y ago

The internet is global, freely accessible WiFi is covering every city on the planet, and sub $50 single board computers that use so little power they can run off small solar panels are ubiquitous. Hackers are absolutely to be expected like a force of nature and to think they aren't is pure fantasy.

If you are making millions of dollars but can't manage first year student level security or anything approaching best practices then you get what's coming to you.

j / k navigate · click thread line to collapse

0 comments

8 comments · 4 top-level

dijit4y ago· 2 in thread

If I hire you to secure my house and you remove my front door- you are liable.

Kaseya is a security services company, they’re the ones securing the home, they removed the front door.

shuntress4y ago

Most people (at least, that I know) do not hire private security teams to police their homes.

Most private buildings are not hardened fortresses capable of state-of-the-art attacks and I personally don't think it's reasonable to expect them to be.

dijit4y ago

Sure, people don't, or at least the kind of people I associate with don't: companies do though.

This was a company hiring a security firm.

theptip4y ago· 2 in thread

Hospitals being very sensitive to germs, should have strong sanitation protocols. Food processing, likewise. The government should regulate this.

A factory making cars, maybe less regulation is required, though a general baseline prohibition on unsanitary working environments makes sense.

shuntress4y ago

It is better to compare digital crime to that which is more similar: Physical crime.

Unlike germs, these attacks are carried out deliberately by people. Not instinctively by some animal or natural force.

theptip4y ago

Ok, and how would you apply your comparison to the conversation we're having here?

1 more reply

hnick4y ago

Sure, but banks have vaults. There's a continuum on what is reasonable against known risks. No one would accept a bank saying not to victim blame if they had no security. We know they are targets.

markzzerella4y ago

If you are making millions of dollars but can't manage first year student level security or anything approaching best practices then you get what's coming to you.

j / k navigate · click thread line to collapse