@briankrebs Yikes! About personal security online, we have to do better with security. Mastodon users likely have better stats but too few people use a password manager or 2FA.
At the risk of sounding like a Luddite I also think we need to stop requiring people to make so many accounts. If I'm going to deal with your firm once, I probably don't need an account.
It's starting to feel that breaches are just an inevitable part of life.
@Neekerbreeker In my experience it's because many IT providers staff themselves with checklist readers. They just follow the same checklists for IT for the last 2 decades. Sometimes it's because the CEO's son in charge of IT doesn't know anything other than those checklists, sometimes it's because they don't want to pay for real IT pros that actually stay current.
That part about creating a plethora of one-off accounts is very accurate. We don't need an app for everything nor an account. All these are is data harvesting and each is a point-of-failure for online security.
And right after sending that toot, I got a notification from my employer's worksite that it's time to change my password. Lol
Aren't forced password changes obsolete? Hasn't this been known for a while? (See link dated 2016.) If I know and even the government knows...why do business IT providers still force this? To look good? That won't help.
https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2016/03/time-rethink-mandatory-password-changes