Full Disclosure mailing list archives

Re: "Hacker attacks won't hurt your company brand"


From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming () simplicitymedialtd co uk>
Date: Fri, 21 Jan 2011 11:24:15 +0000

It all depends what kind of breach happened.

Breaches caused by script kiddies and their automated kits aren't exactly
very high profile, and usually come from poor security ethics surrounding
the infrastructure (i.e. lack of updates, no NIDS in place, no port
blocking, no IP whitelisting etc etc). Falling under this category would
certainly NOT be credible to the company, as it shows their security game is
piss poor.

Breaches caused by rogue internal staff members, or where the company has
been specifically targeted for a long play, would be the only circumstances
where the publicity could actually be beneficial, as it creates interesting
controversy, unlike the latter.

All the above is just my opinion though, not proven fact (although I've
headed up enough disaster recovery contracts after both ext and int breaches
to have a clear insight as to how these kinda things go down)

On Fri, Jan 21, 2011 at 11:02 AM, imipak <imipak () gmail com> wrote:

"...the idea that a breach is unlikely to kill your organization is
spreading, because it’s backed by data."

"If you’ve been spreading FUD [..] you’re going to face some harsh
questions. By regularly making claims which turn out to be false, people
undermine their credibility. If you’re one of those people, expect questions
from those outside security who’ve heard you make the claim."

"If you’re still doing it, you’re creating problems for yourself. Even
worse, you’re creating problems for security professionals in general."

(Adam Shostack,
http://newschoolsecurity.com/2011/01/a-day-of-reckoning-is-coming/ )


Anyone?

-i

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
