You would be shocked at how behind most companies are regarding cyber security. Very few companies can track real-time infiltration, the logs take a while to go through without expensive software.
Apple is unique, they use off the shelf firewalls and run an internally developed software package for real-time monitoring.
Its local government that irritates me. They waste massive amounts of money and don’t stay compliant.
A Seattle woman has been arrested and charged with hacking into Capital One and gaining access to over 100 million customer accounts at the U.S. bank.
Women in STEM
I'm not sure what the point of that comment is, or how it matters. But, just as a point of detail, 'she' wasn't actually a woman.
GeorgeBMac said: Yeh, like the banksters, for them, any cost is simply a cost of doing business -- partly because the company that got hacked suffers relatively limited, minor damage. It's us, their customers, whose data was stolen and are at risk for ID theft and fraud.
Yes, the costs (fines and/or reputation impact) just aren't high enough yet. I suppose eventually one of these companies will start taking the Apple approach and considering security a feature to invest in and advertise (though, a bit risky). The bar is just so low right now.
rob53 said: Nor is the fact they were hosted on AWS. Isn’t Amazon complicit in failing to protect (encrypt) the data? Why wouldn’t all data on AWS be encrypted? Now the NSA and FBI know where to go to get all the data they need.
Um... no. You cannot make a company responsible for the theft committed by its customer.
Amazon's cloud offerings are pretty raw. It would be up to the bank to encrypt that data they are storing there. However, I'm guessing some kind of access to that storage 'bucket' must have been involved. I don't see anything about a fundamental flaw in the S3 storage that allowed access from one account into another.
Comments
Apple is unique, they use off the shelf firewalls and run an internally developed software package for real-time monitoring.
Its local government that irritates me. They waste massive amounts of money and don’t stay compliant.
edit: partially redacted to not get fired
Yes, the costs (fines and/or reputation impact) just aren't high enough yet. I suppose eventually one of these companies will start taking the Apple approach and considering security a feature to invest in and advertise (though, a bit risky). The bar is just so low right now.
Amazon's cloud offerings are pretty raw. It would be up to the bank to encrypt that data they are storing there. However, I'm guessing some kind of access to that storage 'bucket' must have been involved. I don't see anything about a fundamental flaw in the S3 storage that allowed access from one account into another.