this post was submitted on 19 Jan 2024
59 points (84.7% liked)

Technology

59598 readers
3457 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

JPMorgan Chase fights off 45 billion hacking attempts each day::JPMorgan Chase says it has seen a sizable increase in attempts by hackers each day to infiltrate its systems over the last year, highlighting the escalating cybersecurity challenges the bank and other Wall Street titans are facing.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 10 months ago* (last edited 10 months ago) (1 children)

Clarification: An earlier version of this story included comments by Erdoes on the number of hacking attempts made on JPMorgan systems last year. A spokesperson clarified after the panel session that Erdoes was referring to all observed activity collected from JPMorgan’s technology assets, malicious or not.

The title is bad. One scan that generates thousands of alerts is generally considered one event. Companies that have a massive footprint naturally get many thousands of scans a day. It's normal.

Also, +60,000 people and $16 billion dollars is misleading. The people they pay the most are the ones that generally don't know shit about IT. Sure, some of those technologists are probably top-tier, but actual security experts don't usually come in large groups. There are exceptions, of course.

Large companies pay way too much for generic security solutions. In some ways they are forced, because their infrastructure is massive and they need tons of customization but there is always a fuck ton of waste.

Using big numbers sounds cool, unless you are in the industry and understand that there is a ton of fluff involved.

[–] [email protected] 2 points 10 months ago (1 children)

Honestly as a engineer, I sometimes uses puff pieces like this to get my company to act. How many times have I called out a vulnerability that the company goes, "Meh not important".

[–] [email protected] 1 points 10 months ago

It's an art form to get people to give a shit about security. Sometimes puff pieces work, sometimes they don't. Dull numbers are usually more effective: A vulnerability needs to have a specific risk, is easy/hard to execute and could cost the company x dollars if exploited and would only cost x dollars to fix in x amount of time.

You have to summarize the risk and cost to the organization instead of trying to explain the problem in all its detail.

You probably knew that, but just passing along how I have had to cope over the years.