On Tue, Sep 28, 2021 at 11:15 PM Ryan Delgrosso <[email protected]> wrote:
> B: I believe they need to be drawing national attention to this to
> highlight what a steaming dumpster fire much of the critical infra really
> is. Mostly because it's designed to maximize quarterly earnings, not stay
> working in the face of adversity.
>

That's not an exclusive problem to network engineering, or even IT in general. Under another hat, I consult with a lot of healthcare facilities. I'd say somewhere around 40% of my clients are *still* running Windows 7 and Windows Server 2008 on their networks. Why? Because it will cost a few hundred thousand to upgrade/replace all the machines, and they want IT costs to look good on paper so they can sell out in a month, a year, or whatever.

When I mention how irresponsible it is, I find out most (if not all) of them managed to get "cyber insurance". Did you know you can get a $5,000,000 "cyber insurance" policy from some insurance companies for only $2,500k/mo? Even more astonishing... did you know they will issue that policy after doing a port-scan of your public IPs, and if they find no ports open, they consider you to be secure? They didn't even require something as basic as a NIST 800-171 audit or filling out the most basic of questionnaires.

I read one of the policies and was stunned. I'm not a lawyer, but it appears to me the insurance company will be on the hook even though they have no AV, no patch management, no logging/monitoring, and their stunningly incompetent external IT contractor fixes permissions issues in vendor-supplied applications by promoting people to "Domain Admin". No one cares because they'd rather have an external company for $15k/mo as opposed to a competent team of employees for $25k/mo. Looks great on the books that they saved ~$120k last year by "fixing" IT. ;)

-A
_______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops
