Colonial Pipeline boss confirms $4.4m ransom payment
Discussion
Yet again, a company has been hacked. Can someone explain to me why companies don't keep their essential core system network completely remote from the outside world? I've worked on secure computer networks for engineering. There was no way on earth, short of a corrupt employee, and even then it would be almost impossible, for an unauthorised individual to get into the network.
I work for a national company which was gobbled up several years ago by a multinational.
Up until the takeover I had access to my emails on my personal devices; that was removed by the IT dept. I still have full access to the Siemens network, which handles the entire process of the firm all over Europe, because the IT dept do not have a clue about anything outside their Microsoft bubble.
I can take a stick into work and upload anything I wish, download the same.
Their only security 'upgrade' was to block non-company-owned devices from the intranet. If I chose to, I could circumvent this with ease. They are out of touch and unskilled beyond belief, probably the case with a lot of in-house IT departments.
You'd be amazed at the stuff companies dump directly on the internet.
You also need to factor in working from home (many companies will have done things during the pandemic that they may not have ordinarily done).
Then there's the old thing that I think the IRA said of "we only need to get lucky once, you need to get lucky all the time".
Throw in some bad practices around separation of roles and maybe patching and other issues and it's not that much of a leap.



