Today, it’s pretty much inconceivable for a Network Architect to design a system that isn’t
1) centralized,
2) cloud-based, and
3) connected to the Internet.
Shimano, a global manufacturer of bikes and fishing equipment, was breached. For them, the problem wasn’t data encryption, but data exposure. A massive trove of data was exfiltrated, and at least some of it has been published online.
The link to the article:
https://www.bicycling.com/news/a45974423/shimano-ransomware-attack-hackers-published-data/
The “normal” system architecture is predisposed to these types of problems. The instant you connect your data to the Internet, you create a global attack surface.
This is why centralizing your data is a very bad idea.
This is also why making 100% of your data available via the Internet is a very bad idea.
This is also why saving money on Internet connectivity instead of paying for private data circuits is a very bad idea.
You can save money, or you can be secure .
Wait - come to think of it, being secure may actually save money, too.
@fifonetworks
Logically, what do you think is the only way to solve these kinds of problems?
@tadahide
Thank you for the question. I cross-posted this yesterday on LinkedIn. I used your question to form the basis of a continuation of the discussion on LinkedIn today. Here's the link to my reply:
https://www.linkedin.com/posts/fifonetworks_callmeifyouneedme-fifonetworks-cybersecurity-activity-7136066149686935553-0OhQ?utm_source=share&utm_medium=member_desktop
Why should companies care if the only repercussions are offering payment for 12 months of credit monitoring post data leak to those suspected of having their information exposed?
You propose things that are way more expensive to organizations that place nearly no value preventing these events and have almost no external incentives.
