c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Given tech companies and downscaling and blackhat llms are now a thing, I clearly picked the wrong career path.
There is insurance for ransomware. Most companies I know, has bought it (surprisingly popular). I'm not surprised that the companies would be willing to pay
Do the insurance companies employ negotiators?
They hand it off to other companies that specialize in auditing and overseeing the hack resolvement. If their partner company decide, that it's worth paying. Then they pay.
If the partner company decides to try and negotiate, they can I guess... Hard to say, never saw how insurance plays out when a true hack occurs.
Companies should tie CISO contracts to ransomware payouts.
We'd instantly have better protection AND make it financially unviable for future attacks as the CISO's would have to pay out from their own wages.
I doubt it would be of any use. Most companies underfinance IT and security, while CISO just writes "rules" on how things should be, instead of overseeing actual hardening.
CEOs on the other hand being financially or criminally responsible, may lead to something.
At least the EU NIS2 directive has the right idea about it
In some countries, it is a criminal-offense to pay criminals, to provide profit to crime.
How selectively-peculiar that that law isn't being applied when people pay ransomwere-gangs..
Hmm...
_ /\ _