The biggest difference, however, is that almost all cyber crimes are preventable.

The level of op-sec in most large companies, personal accounts, and even critical infrastructure is abysmal. Once a vulnerability is discovered and a patch is released, the bad guys know they have a guaranteed in if they act quick enough. And they do. All they have to do is beat the Sysadmins.

Here’s a hypothetical:
MS discloses a vulnerability in Word and advises an immediate update. Well, the SysAdmin is overworked and can’t get to it this week. Friday, Suzy in HR gets an email with a malicious Word doc. She opens it.

The bad guys are in. And chances are, Word isn’t the only piece of software that missed a vulnerability patch. The hacker gets privilege escalation and crypto-locks the computer. And of course, there were no backups of the data. So, the company pays the 35K or whatever in bitcoin.

Where could this have been stopped?

- Better updating protocols for vulnerable software
- Teaching Suzy in HR not to open random file attachments
- Frequent, immutable backups

Only one of those things has to happen, and you wouldn’t have had to pay a single satoshi to the bad guys.