cross-posted from: https://discuss.online/post/31211123
I honest to fucking God don’t understand how cybersec is so fucking bad that there are so many damn data breaches that I lost count. I had a few accounts on chatgpt (that I dont use anymore) but they are all compromised now…
Just what the fuck is this shit? Are they done by lone actors or cybercrime gang? Or are they state actors or state-backed actors? Or are they inside jobs to allow the company to sell data illegally to make more money? Flock has admitted to using data from data breaches to their system.
You also notice how rarely you hear about cybercriminals getting caught? It’s almost like if you take even a minor bit of opsec you can get away with anything.
IMO the problem with companies doing “fast” technology (i.e. AI) do so by pushing security aside to get things through the pipeline and into production as quickly as possible. Security has always been a “blocker” to development teams because it slows them down with all the, you know, requirements to make a product/application secure. Unless you have security-minded leads or a security representative in the C-suite (i.e. CISO) who has significant influence, half-baked and insecure products will continuously be pushed out.
Yep and then devs solved the problems of these damn IT sec people getting in the way and created “SecDevOps”. Oh it’s lean and Agile and everything but it’s dev and sec and production all in the same bucket with all the well known problems of pushing things too fast and not checking or testing enough (see CloudFlare etc).