• jubilationtcornpone@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Breaches are one of those things that no one cares about until they happen. Assessing and mitigating risks is costly and no one wants to spend money on that.

    And let’s be real, the penalties for data breaches, especially ones that transpired due to willful negligence, are an insufficient motivator. It happens so often that the public just kind of forgets about it the next day.

    Remember the Equifax breach in 2017? The one where the personal data of 147 million people was exposed? Well Equifax got a slap on the wrist when they should have been fined into oblivion. That’s the only way businesses will start taking cyber security seriously. The US desperately needs GDPR-like legislation because at this point our collective lack of data privacy and security is a joke.

    • The Bard in Green@lemmy.starlightkel.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Breaches are one of those things that no one cares about until they happen.

      You have people like me on the inside repeating “Spend money now or lose money and reputation later.” The only time I had a client REALLY listen was when the government made them, and then they wanted to figure out the cheapest way to do the bare minimum.

      But capitalism is great and keeps us safe and free y’all!

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I’d be happy with a federal level recognition to a right to privacy beyond the 4th amendment. That alone might be enough to drastically increase the ramifications for breaches made possible through negligence and could include jail time.

      • edric@lemm.ee
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        It’s a term used for when IT operations teams want to keep the status quo design of their environments when upgrading or modernizing their infrastructure, instead of fixing and securing things while they’re at it. The common excuse is that they will fix issues once migration/upgrade is complete, either because they’re on a tight timeline to do it, they’re afraid of breaking things, or just plain lazy. They will say it’s temporary until things have settled down. And we all know there’s nothing more permanent than a temporary implementation. The result is the same issues and problems exist, just on new infrastructure.