10K or 20M in GDPR, the fact is that most organizations that are attacked are those whose security is poor for budgetary reasons. There are some rich but stupid, but most of them are poor. In security, like life, it's better to be young (technology-wise) and rich than old and poor.

ITschak

On Sat, Jun 22, 2019 at 7:40 PM Bill Johnson <00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote:

> Up to 10k per HIPAA violation.
>
> On Saturday, June 22, 2019, 11:59 AM, Donald Blake <dhbl...@gmail.com> wrote:
>
> If a company can't afford to do computing correctly, and that includes doing it securely, they shouldn't have computers in house in the first place. Particularly medical related companies such as hospitals. That's a HIPAA violation waiting to happen. Which in the US, carries potentially severe consequences.
>
> Date: Fri, 21 Jun 2019 13:33:39 +0300
> From: ITschak Mugzach <imugz...@gmail.com>
> Subject: Re: mainframe hacking "success stories"?
>
> Radoslav,
>
> Many clients I visited allow local admin authority on Windows workstations to the machine user for ease of management. However, we get clients' monthly reports on success and failures from some clients of ours. Most of them respond well to attacks and block them, so even their workstations are protected.
>
> I believe it is a question of budget. Banks can afford protection that hospitals can't (and bankers can afford better medical treatment than others...). If you look at the names of clients that were hit by such an attack, it is almost always a client that can't afford a complete security system.
>
> On the mainframe, only a few datasets are owned by end users, most of them are not significant to the user (ISPF temporary datasets, some "on work" job or source code libraries that most of them are on the change management store, etc.). How many DB2 data tables can be updated by human clients directly? Near if not zero. So, from the attacker's point of view, not much to encrypt, unless he gets a service account. This is more complex to perform.
>
> And as I always say, security costs you a lot, but if it works, managers don't see the value of it.
>
> ITschak
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
ITschak Mugzach
*|* *IronSphere Platform* *|* *Information Security Contiguous Monitoring for Legacy* *|*