@realn2s
legal obligation within the data protection laws - heavy fines.
Use examples of companies heavily impacted or closed... https://www.bbc.co.uk/news/articles/cx2gx28815wo
Customers assume security but don't want it to cause friction in what they want to do.
This brings me to an idea that has been nagging me for quite some time.
There should be a collection of stories about little #CyberSecurity breaches/incidents.
Let's call it the #BigBookOfLittleBreaches
I believe the usual spectacular breach reports are about TB of data, millions of stolen user records, or millions of dollars/euros transferred. ...
Would it be much more relatable to have stories about individual people who lost (memorabilia) data, or hundreds or thousands in money?
Or a small company that needed considerable effort to get back to a working state, or lost tens or hundreds of thousands of dollars/euros?
@DaRC_Fantom
Nice example. Sounds like a good story for the #BigBookOfLittleBreaches 😂
(https://infosec.exchange/@realn2s/112240250364961390)
In my experience the "legal obligation", "heavy fines" line doesn't work too well 😞
It shifts the goal from providing adequate security to just avoiding the fines 😞
And this, sadly, can often be accomplished by transferring the risk (it's someone else's fault or problem) instead of eliminating or reducing the risk.
E.g. by just adding some documentation of what "users" need to do to stay secure and blaming them if they didn't do it.