I think you're kidding yourself if you think a company that gets "hacked" by off the shelf cryptoware is going to step up their game enough to have any chance of stopping a targeted state actor.
The fact they caved so quickly tells me they are years away from a reasonable security posture.
It gives other companies with more responsible practices an opportunity to get a competitive advantage from their failure.
Without widespread ransomware scammers, the risk of getting compromised is just theoretical, not tangible. Companies can get away with ignoring security concerns for a long time and might never be impacted by it.
Thus, companies which are paying a premium for better security might never be able to benefit from the mitigations they are implementing, and could be outcompeted by the companies which simply got lucky enough to avoid being attacked.
Eventually we end up with major too-big-to-fail megacorps like Equifax getting hacked by trivial exploits because nobody took advantage of them when they didn't have such a strong market position.
> I think you're kidding yourself if you think a company that gets "hacked" by off the shelf cryptoware is going to step up their game enough
Still, this might lead to their first solid security hire that can bring about change in the form of zero-trust principles, security in depth, etc.
> to have any chance of stopping a targeted state actor.
Given unlimited resources, interest and budget, no participant in the modern digital landscape has a significant chance of stopping motivated threat actors.
> The fact they caved so quickly tells me they are years away from a reasonable security posture.
Yes, obviously, but driving change is about incrementally tending to a desired state. Your fatalism is, quite frankly, unnecessary, not that you're not entitled to your opinion, just that disagreeing with GP or stating they are naive because this won't bring about perfect, all-encompassing change is not useful.
No single participant has a significant chance, but if each target becomes more expensive on average, then state actors can only afford fewer targets, which makes the society as a whole more resilient.
And if one target is so critical that it could take out a society, perhaps it would be better to either 1. make it so minimalistic that it can be fully audited and secured or 2. break it into smaller pieces and decentralise them so they can either qualify for #1 or increase the total cost and complexity of compromise.
Also, making society and individuals more prepared and ready to deal with no-more-oil-for-a-while situations.
E.g. warm blankets at home, and food that doesn't need to be boiled, if you cannot heat the house because the oil and electricity system is broken for a while?