Was this always happening in this big scope? Leaks of games, data that is stolen, all these breaches in big companies. Feels like I see this every day.

    • @[email protected]
      26 · 11 months ago

      Security people can help, but often can’t. The issue is with software design, and most companies struggle to properly fund that.

      • @edgemaster72
        13 · 11 months ago

        In addition, I don’t have data to back it up, but I feel like social engineering plays at least a part in many if not most of the big hacks we see happening.

        • FuglyDuck
          17 · 11 months ago

          Social Engineering is absolutely the lion’s share of how things get done. Remember: Never work the system if you can work the people running it.

          This is true of hacking, yes, but also just navigating all the bullshit bureaucracy that surrounds modern life. For hackers, cracking good passwords is almost impossible (this is to say, it is possible but it takes… a very long time. Longer than they have.) So they rely on people having terrible password discipline- they’re using phishing schemes to get passwords and guess similar passwords at other places.

          They’re also using social engineering to convince your cell phone company they’re you… at which point the cell phone CS rep becomes extremely helpful in bypassing any security that normally routes through your phone. (Like, say, SMS 2FA. Or phone call 2FA.)

        • @berkeleyblue
          3 · 11 months ago

          It does. And also just plain old bribing. I work for a big Tech Company, and while I’m only a Retail employee, I have been offered quite some money throughout the years to share my logins (which honestly wouldn’t get you very far). People with more access than me (Management or Support employees) apparently received offers in upper 5 Digit territories. If you ask enough people, I’m not 100% confident that all would say no to that. But to be fair, there’s a lot of hurdles now in between those things, with access being restricted to internal networks, multi factor and trusted device policies, a real crackdown on who has access to what. Passwords alone don’t get you very far anymore.

      • netburnr
        1 · 11 months ago

        Yeah, it’s a struggle when there are a dozen zero days a year for multiple brands/applications. I have at least 4 people always doing some sort of upgrade or patch being reported by infosec.

    • @CluckN
      8 · 11 months ago

      My tinfoil hat security cycle is as follows

      Company experiences a breach > Hire an expensive internal security team > wait 3 financial quarters > new suits wonder why they spend $$$ on security if nothing has happened > lighten security team

      • @Inucune
        1 · 11 months ago

        There is money to be made in getting hacked.

    • @[email protected]
      5 · 11 months ago

      Or companies do hire security, but the security team is incompetent and unable/unwilling to adapt to new challenges. Then it devolves into security theater, until either someone new comes who cleans house or a breach happens.