Posted: 5/7/2024 4:18:15 PM EDT
Is the organization based?

Two main examples of Cyber Security Threats:

Ukraine Power Grid attack, 2015
NSA (Edward Snowden), 2013

Main threats:

Nation States
Hackers
Insider Threats
Social Cause (commies) Disruptors
Posted: 5/7/2024 4:20:14 PM EDT
[Last Edit: Sherminator] [#1]
I work C/S for my org. It is 100% legit here - great team, good budget, most of the tools we need to do the job. Light-years ahead of my previous employer.

Edit to add: insider threat is the biggest threat on your list, at least for us. Hardest to defend against.
Posted: 5/7/2024 4:25:46 PM EDT
[#2]
Originally Posted By scopedope:
Is the organization based?

Two main examples of Cyber Security Threats:

Ukraine Power Grid attack, 2015
NSA (Edward Snowden), 2013

Main threats:

Nation States
Hackers
Insider Threats
Social Cause (commies) Disruptors


I don't know what this means? There aren't many woke security threats. I spend most of my time following up after people who should know better - most of which I assume to be liberals. Does that count?
Posted: 5/7/2024 4:27:19 PM EDT
[#3]
It's garbage here. They can't even figure out how to do a machine network that isn't software firewalled. A machine network, or any network with sensitive information, should be air-gapped.


It's also apparently OK to send proprietary information to a cloud server run by who knows who, in a location we have no idea of, with security that they refuse to disclose, but I can't send multiple sequential pages of a machining packet to the same job shop because somebody might figure out I'm building a table.
Posted: 5/7/2024 4:30:25 PM EDT
[#4]
Cyber security consultant here (22+ years). Having a 'based' dept entirely depends on leadership (from the CISO to the board), but there does seem to be some industry correlation to risk management - e.g. manufacturing tends to be less focused on threats than, say, financial services. Most defense companies (especially defense contractors) take security more seriously for obvious reasons. In the private sector, unfortunately, it's more driven by regulatory compliance (either .gov regs like HIPAA, or industry regs like PCI).
Posted: 5/7/2024 4:31:23 PM EDT
[#5]
DOD supplier with CUI so we do our best to comply with the not-yet-rules-maybe-going-to-be-rules-except-when-the-rule-would-eliminate-half-the-supply-chain-proposed-rule.
Posted: 5/7/2024 4:32:03 PM EDT
[Last Edit: 2ANut] [#6]
Cybersecurity means blocking 20-year veteran engineers from their own data until overseas temp workers can click an "Approve" button to give them short-term access to make changes and do some work. Plus taking air-gapped systems and putting them on the Internet because they'll get hacked by China if they can't automatically get system updates, and creating email restrictions that are so strict that everyone uses personal email instead because it's impossible to actually send or receive anything through a company address.
Posted: 5/7/2024 4:48:34 PM EDT
[#7]
Originally Posted By 2ANut:
Cybersecurity means blocking 20-year veteran engineers from their own data until overseas temp workers can click an "Approve" button to give them short-term access to make changes and do some work. Plus taking air-gapped systems and putting them on the Internet because they'll get hacked by China if they can't automatically get system updates, and creating email restrictions that are so strict that everyone uses personal email instead because it's impossible to actually send or receive anything through a company address.


In my experience the 20-year vets are some of the biggest offenders. "We've always done it this way!" Refusing to adapt to changing times.

Work for a DoD contractor and you don't ever have to worry about foreigners, and secure networks are already air-gapped.

Posted: 5/7/2024 4:50:13 PM EDT
[#8]
The Chinese have stolen terabytes worth of info from my employer.

Employed by DoD prime contractor
Posted: 5/7/2024 4:51:40 PM EDT
[#9]
Originally Posted By CanaryCamaro:
The Chinese have stolen terabytes worth of info from my employer.

Employed by DoD prime contractor

I'd be curious who you're with and if it's the same as my old employer...
Posted: 5/7/2024 4:53:14 PM EDT
[#10]
Originally Posted By Sherminator:


In my experience the 20-year vets are some of the biggest offenders. "We've always done it this way!" Refusing to adapt to changing times.

Work for a DoD contractor and you don't ever have to worry about foreigners, and secure networks are already air-gapped.



lol
Posted: 5/7/2024 5:00:00 PM EDT
[Last Edit: Sherminator] [#11]
Originally Posted By 2ANut:


lol

Allow me to clarify: you shouldn't have to worry about foreigners in secure areas. There is still a threat of foreign employees who don't hold clearances, but they shouldn't have lab access, let alone an acct on any IS.
Posted: 5/7/2024 5:06:22 PM EDT
[Last Edit: 2ANut] [#12]
Originally Posted By Sherminator:

Allow me to clarify: you shouldn't have to worry about foreigners in secure areas. There is still a threat of foreign employees who don't hold clearances, but they shouldn't have lab access, let alone an acct on any IS.


That's assuming the policies are being implemented competently. In our case, we sat through all this CMMC/ITAR/CUI/etc training and hired consultants, but then upper management had to flex their egos and prove that they know more about cybersecurity than the cybersecurity consultants. So they made decisions that effectively give overseas temp workers more access to our data than the U.S. citizens who actually work on that data, and then they pat themselves on the backs about finally making us "cybersecure." And the overseas guys constantly make mistakes that show that a lot of controls don't work correctly and one bad agent over there could really, really screw us over if they wanted to. Everyone who is aware of how wrong everything is, is afraid to speak up because then you get screamed at by the upper management egos. It's turned into a culture of fear, buck-passing, CYA, and making sure you can't be scapegoated when the inevitable happens.
Posted: 5/7/2024 5:12:35 PM EDT
[Last Edit: Sherminator] [#13]
Originally Posted By 2ANut:


That's assuming the policies are being implemented competently. In our case, we sat through all this CMMC training and hired consultants, but then upper management had to flex their egos and prove that they know more about cybersecurity than the cybersecurity consultants. So they made decisions that effectively give overseas temp workers more access to our data than the U.S. citizens who actually work on that data, and then they pat themselves on the backs about finally making us "cybersecure." And the overseas guys constantly make mistakes that show that a lot of controls don't work correctly and one bad agent over there could really, really screw us over if they wanted to. Everyone who is aware of how wrong everything is, is afraid to speak up because then you get screamed at by the upper management egos.

That sounds like a nightmare. My last employer played it fast and loose. Policies were more of suggestions than hard rules, and people kind of did what they wanted because there were 0 repercussions. I found a piece of "equipment" in a recycling bin on the dock and, when I immediately tried to handle it, was threatened with my job. Management swept it under the rug and I went straight to my office and dusted off my resume. Got hired on at my current role about 10 weeks later.

In hindsight I should've called their bluff.
Posted: 5/7/2024 5:19:51 PM EDT
[#14]
ARCYBER/NSA
Posted: 5/7/2024 5:24:50 PM EDT
[#15]
Originally Posted By ROCK6:
ARCYBER/NSA


Ivory tower.
Posted: 5/7/2024 5:25:56 PM EDT
[#16]
No amount of cybersecurity can compensate for stupid users.
Posted: 5/7/2024 5:26:46 PM EDT
[#17]

Posted: 5/7/2024 5:30:34 PM EDT
[#18]
Originally Posted By dmnoid77:
Ivory tower.

It's far from perfect, that's for damn sure...
Posted: 5/7/2024 5:31:20 PM EDT
[#19]
Originally Posted By Kuraki:
DOD supplier with CUI so we do our best to comply with the not-yet-rules-maybe-going-to-be-rules-except-when-the-rule-would-eliminate-half-the-supply-chain-proposed-rule.


When I first heard the plans for the new rule I was thinking, no way, we'll never be able to buy anything ever again, especially from smaller machine shops.
Posted: 5/7/2024 5:38:41 PM EDT
[#20]
The IT group here will occasionally test people to keep them aware of threats... so I mark everything where I don't know the sender personally as phishing, to give the IT team stuff to work on.
Posted: 5/7/2024 5:47:30 PM EDT
[#21]
Originally Posted By Sherminator:

I'd be curious who you're with and if it's the same as my old employer...

Fill in the blanks

L——-d M——n
Posted: 5/7/2024 5:54:31 PM EDT
[#22]
Originally Posted By ZF-1:
The IT group here will occasionally test people to keep them aware of threats... so I mark everything where I don't know the sender personally as phishing, to give the IT team stuff to work on.


The constant phishing tests are kind of hilarious. Sometimes they send 10 in a day, and if you don't report them as phishing within 24 hours then you're "required" to take an online phishing class. Naturally, they like to send out phishing tests at 6:00 PM on a Friday, and then you get dinged if you're a normal person who doesn't check work email on the weekends. But the funniest part is the sign-on infrastructure for the phishing class is so FUBAR'd that they don't even know how to give you access to it...but they still get mad at you for not taking it.
Posted: 5/7/2024 5:57:08 PM EDT
[#23]
Originally Posted By CanaryCamaro:

Fill in the blanks

L——-d M——n

Limpdicked Mountain?
Posted: 5/7/2024 6:05:22 PM EDT
[#24]
I do network cybersecurity at my org. All cool, like-minded guys that like guns, talk shop and have nice tools. Not based in the least. All hate "wokeness". A few vets, including myself. Energy company and small SCADA presence.
Posted: 5/7/2024 6:11:00 PM EDT
[#25]
The last SOC org I was with recently was a combination of H1Bs, alphabet people dress-wearing weirdos, and your general hyper nerds, with a few folks who were decent. We caught several from the H1B and alphabet-people groups exfiltrating data regularly. They all claimed ignorance even though we had been watching them for quite a while to build our cases. One tried to claim it was OK to host proprietary scripts/code written for the company on sites like GitHub so he could work on them from home... Home was Russia.
Posted: 5/7/2024 6:30:37 PM EDT
[Last Edit: SparticleBrane] [#26]
Originally Posted By 2ANut:


The constant phishing tests are kind of hilarious. Sometimes they send 10 in a day, and if you don't report them as phishing within 24 hours then you're "required" to take an online phishing class. Naturally, they like to send out phishing tests at 6:00 PM on a Friday, and then you get dinged if you're a normal person who doesn't check work email on the weekends. But the funniest part is the sign-on infrastructure for the phishing class is so FUBAR'd that they don't even know how to give you access to it...but they still get mad at you for not taking it.

I put a rule in my Outlook so anything coming from our phishing test's domain automatically gets trashed. No one has complained yet, thankfully...
Posted: 5/7/2024 6:47:11 PM EDT
[#27]
Originally Posted By ZF-1:
The IT group here will occasionally test people to keep them aware of threats... so I mark everything where I don't know the sender personally as phishing, to give the IT team stuff to work on.

Just wait. They will send you one with fake PSA sale deals.
Posted: 5/7/2024 6:58:18 PM EDT
[#28]
I use US GOV computers so it's a hot mess!
Posted: 5/7/2024 7:02:39 PM EDT
[#29]
Originally Posted By SparticleBrane:

I put a rule in my Outlook so anything coming from our phishing test's domain automatically gets trashed. No one has complained yet, thankfully...


Ugh, you people who can actually do things...they changed some backend thing that prevents Outlook rules from running after too many employees created rules to auto-trash last year's Pride Month newsletters.
Posted: 5/7/2024 7:18:37 PM EDT
[#30]
We have a virtual CISO who wants to go way overboard on a lot of stuff. We're an NGO that promotes the Internet. We aren't running the air traffic control system. He wants to spend thousands of dollars a year scanning trivial things like archival websites that haven't been updated in years, which we can recreate from backups in moments.

No wokeness, but definitely some fee inflation via overkill.

Posted: 5/7/2024 7:22:10 PM EDT
[#31]
We're as hard as we can be. We feed our computer nerds a steady diet of raw meat and waifus.
Posted: 5/7/2024 9:22:55 PM EDT
[#32]
I'm in cybersec for a large company. We have a huge budget and about 700 people globally under the CISO.
It's quite fun.
Posted: 5/7/2024 9:36:00 PM EDT
[#33]
Originally Posted By ParityError:
We have a virtual CISO who wants to go way overboard on a lot of stuff. We're an NGO that promotes the Internet. We aren't running the air traffic control system. He wants to spend thousands of dollars a year scanning trivial things like archival websites that haven't been updated in years, which we can recreate from backups in moments.

No wokeness, but definitely some fee inflation via overkill.



I can understand why he would want to scan archival websites, more so if they haven't been updated or touched in years. It's not that you can back them up at a moment's notice; it's the fact that if these sites become compromised and used in an attack, it's his ass if he's failed to have his teams include them in routine security audits. I'd rather have a CISO that wants to invest and spend money securing assets rather than skimping out and playing the what-if game and then waiting until things go sideways to try to triage it all. My first question would be, why are these sites even still up if they are not being updated regularly?
Posted: 5/7/2024 9:40:27 PM EDT
[#34]
We have a mature program and do quite well.
Posted: 5/7/2024 9:41:06 PM EDT
[Last Edit: fuzzy03cls] [#35]
Originally Posted By Sherminator:
I work C/S for my org. It is 100% legit here - great team, good budget, most of the tools we need to do the job. Light-years ahead of my previous employer.

Edit to add: insider threat is the biggest threat on your list, at least for us. Hardest to defend against.

Same here. We pen test on a random schedule.
And let me say it, FedRAMP & NIST can be a bish for a lot of smaller organizations.
Posted: 5/7/2024 9:46:21 PM EDT
[#36]
The company I work for is considering hiring a cybersecurity company.
Posted: 5/7/2024 9:51:34 PM EDT
[#37]
Ours sucks balls; it consists of one guy that sends out bait emails to see which dumb fucks will click on them. Of course, it is always the same people and nothing ever happens to them.

I used to ask him how many people he snagged with them...now it just makes me angry because everyone who doesn't have their head planted in their ass has to do extra stupid stuff because of their complete lack of awareness.
Posted: 5/8/2024 7:13:40 AM EDT
[#38]
Originally Posted By 10mmManiac:


I can understand why he would want to scan archival websites, more so if they haven't been updated or touched in years. It's not that you can back them up at a moment's notice; it's the fact that if these sites become compromised and used in an attack, it's his ass if he's failed to have his teams include them in routine security audits. I'd rather have a CISO that wants to invest and spend money securing assets rather than skimping out and playing the what-if game and then waiting until things go sideways to try to triage it all. My first question would be, why are these sites even still up if they are not being updated regularly?


I was a bit unclear here.

So, the site is an archival site for a project that completed a while back, but the content is still referenced in RFCs and other documents. Hence the continued presence on the network.

We do scan / maintain it - but we don't pay $$$ to scan it with a commercial tool. It is scanned with open source tools commensurate with the level of risk. It gets regular software updates - it is the content that is static.

I just don't see the ROI on spending thousands of dollars a year to scan it, especially when it is otherwise identical in terms of OS / webserver / etc. software to other VMs that we do scan with the expensive tool.

Posted: 5/8/2024 7:19:09 AM EDT
[#39]
It was non-invasive for a while.  Then someone in payroll fell for a phishing email, many false tax returns were filed (someone on my team was a victim), and the company lost a lawsuit.

Now we have mandatory monthly cybersecurity e-learning classes, and plenty of fake phishing emails with managers getting reports on who clicked.
Posted: 5/8/2024 7:19:15 AM EDT
[#40]
Originally Posted By Kuraki:
DOD supplier with CUI so we do our best to comply with the not-yet-rules-maybe-going-to-be-rules-except-when-the-rule-would-eliminate-half-the-supply-chain-proposed-rule.


Man, I really like the way you put this, going to have to use it myself, lol.
Posted: 5/8/2024 7:47:19 AM EDT
[#41]
CISO is a good person. CSO they report to is a true executive; shift blame, totally reactionary. The rest of the organization responds to threats by starting with the wrong people.

But my company’s IT has always been a shitshow. They are just much less lax now than they were.
Posted: 5/8/2024 3:51:06 PM EDT
[#42]
Originally Posted By ShooterPatriot:


When I first heard the plans for the new rule I was thinking, no way, we'll never be able to buy anything ever again, especially from smaller machine shops.


I was just at a DLA conference and I think they said they've lost half or more of their suppliers since 2020. I'm sure some of that is NIST/CMMC related but I have to think another part of it is the half dozen agencies a supplier has to interact with just to sell something to fed gov. It's like every time a single problem occurs, instead of resolving it they create another agency to manage it.

I remain content as a tier 2.
Posted: 5/8/2024 4:23:26 PM EDT
[#43]
Poorly funded with no training, but we sell dog food for the most part.
Posted: 5/8/2024 4:32:04 PM EDT
[#44]
Originally Posted By ParityError:


I was a bit unclear here.

So, the site is an archival site for a project that completed a while back, but the content is still referenced in RFCs and other documents. Hence the continued presence on the network.

We do scan / maintain it - but we don't pay $$$ to scan it with a commercial tool. It is scanned with open source tools commensurate with the level of risk. It gets regular software updates - it is the content that is static.

I just don't see the ROI on spending thousands of dollars a year to scan it, especially when it is otherwise identical in terms of OS / webserver / etc. software to other VMs that we do scan with the expensive tool.



Totally get your point now. But why is it costing thousands a year to scan if you are using open source tools? Can it be lumped in with the other assets that are scanned with the expensive tool? I'm genuinely curious as to why this is costing the company money.
Posted: 5/8/2024 4:38:26 PM EDT
[#45]
Picking 2 attacks with the most recent one 9 years ago says you need to refresh your data source.

Posted: 5/8/2024 4:42:11 PM EDT
[#46]
Biggest "threat" will always be humans inside an org.

Admins realize they need to lock down stuff because of outside threats
People want to get work done, so they find ways to get shit done

"You build a smarter mouse trap/end up with smarter mice."


That's not to say outside threats are not real, they obviously are.
But don't ignore what it takes for someone to get their job done.

"Where there is a will, there is a way"

Stop putting YUGE amounts of friction in front of people trying to accomplish a task - you will find out life is much easier that way.

Posted: 5/8/2024 4:45:11 PM EDT
[#47]
"Based" is not an industry term.
Posted: 5/8/2024 4:51:05 PM EDT
[#48]
I am a VAR / solutions provider / integrator in the infrastructure space. We have been doing a huge focus on security. Lots of orgs are way behind but are now getting budget to fix it up.

Another thing I see is a lot of big organizations that have been buying the best tool for every section of cybersecurity are now trying to consolidate those tools into one provider. We call it platformization or tool rationalization.

I am lucky to sell my company's services around this - every bit of feedback from our clients has been phenomenal, and we work with the best OEMs in the industry around ZTNA, SASE, SD-WAN etc.

Posted: 5/8/2024 4:52:41 PM EDT
[#49]
I've been liking the decade-long shift from "make everything hard and crunchy" to "detect and respond effectively".
Posted: 5/8/2024 4:57:11 PM EDT
[Last Edit: Airborne11B] [#50]
My org is pretty forward thinking and my management is always receptive to my briefs on new attack vectors and limiting our attack surface or using newer, better automated signature-based tools. My team is equally good at ensuring our security architecture is up to snuff.

Our legacy ground systems kind of suck but they're all performing non-primary mission-essential functions and are closed systems with very little communication to the outside world. Mostly add-on stuff that takes advantage of a bird that's out (or close to it) of fuel and just sitting in GEO.