
Re: [Full-disclosure] "Hacker attacks won't hurt your company brand"



It all depends on what kind of breach happened.

Breaches caused by script kiddies and their automated kits aren't exactly
very high profile, and usually come from poor security ethics surrounding
the infrastructure (i.e. lack of updates, no NIDS in place, no port
blocking, no IP whitelisting etc etc). Falling under this category would
certainly NOT be credible to the company, as it shows their security game is
piss poor.

Breaches caused by rogue internal staff members, or where the company has
been specifically targeted for a long play, would be the only circumstances
where the publicity could actually be beneficial, as it creates interesting
controversy, unlike the latter.

All the above is just my opinion though, not proven fact (although I've
headed up enough disaster recovery contracts after both ext and int breaches
to have a clear insight as to how these kinda things go down).

On Fri, Jan 21, 2011 at 11:02 AM, imipak <imipak@xxxxxxxxx> wrote:

> "...the idea that a breach is unlikely to kill your organization is
> spreading, because it’s backed by data."
>
> "If you’ve been spreading FUD [..] you’re going to face some harsh
> questions. By regularly making claims which turn out to be false, people
> undermine their credibility. If you’re one of those people, expect questions
> from those outside security who’ve heard you make the claim."
>
> "If you’re still doing it, you’re creating problems for yourself. Even
> worse, you’re creating problems for security professionals in general."
>
> (Adam Shostack,
> http://newschoolsecurity.com/2011/01/a-day-of-reckoning-is-coming/ )
>
>
> Anyone?
>
> -i
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>