cross-posted from: https://lemmy.zip/post/38383029
Opinion: We need to make taking IT systems ‘off the books’ a problem for corporate types
When a building needs maintenance bad enough that it doesn’t pass a set of regulations, it will get closed until fixed. Maybe we need something like that for IT infrastructure
It already works like this. Audits perform this function. Failing a mandatory audit generally goes very poorly for financial companies. The unintended result is falsified audits - something my former company did (still does?) every year. The banks and the Fed never found out.
The insurance industry is filling in this gap right now for cyber insurance. They are requiring a certain level of security before they will write a policy. Try doing business with any other company without a huge cyber insurance requirement in the contract.
Sometimes I wonder what’s true economic damage here from lack of proper security practices. This shit cascades to millions of other problems from financing terrorists to leaking private data. Don’t even know how this could ever be measured but my guess would be that it’s very substantial.
Company I work for just got ransomed lol. Computer systems are down.
