‘I employ a lot of hackers’: how a stock exchange chief deters cyber-attacks::Six Group, which operates the Swiss and Spanish bourses, is a target for cyberwarfare and must be on guard, its boss says

    • phx
      1 year ago

      Pretty much a lot of “training” in cyber security is a mix of best-practice and how to hack shit, so employing people who have experience in the field isn’t a terrible idea provided you can vet them.

      After all, Mitnick started up a successful cyber security company and many others have hired people who have been caught doing clever but naughty stuff due to being curious and bored rather than actual malicious intent.

      At the least, you’d probably be more likely to get somebody who knows how stuff works as opposed to some of the “I clicked the scan button and ran a pentest report sorted by CVSS score” types who know jack shit about actual security.

    • cynar@lemmy.world
      1 year ago

      “Poachers make the best Gamekeepers” has been a trope for centuries. “Hackers make the best Cyber Security Experts” is just the modern iteration of it. You’re screwed if you try and do it on the cheap, but pay them well and they are happy. They get to use their skills, and play, while their money is now all legit.

  • AutoTL;DR@lemmings.world
    1 year ago

    This is the best summary I could come up with:


    Its operations, which include the Spanish and Swiss stock exchanges, count as critical national infrastructure and this gives it a close relationship with governments and regulators in Madrid and Zurich.

    The hack earlier this month on the Wall Street arm of China’s biggest bank, ICBC Financial Services, has put cybersecurity at the forefront of economic security debates again.

    The move disrupted the US Treasury market by forcing ICBC FS clients to reroute trades, with some settled by couriering the details across Manhattan on a USB stick.

    Still, the scale and nature of the ransomware onslaught – the same kind of attack that triggered a shutdown of money transfer service Travelex in 2020 – underlines the evolving risk such companies face.

    Six Group has invested in three tranches of cybersecurity, Dijsselhof says: walls to stop people getting in; containment systems for if they do get in; and recovery functions for when someone is “holding hostage” any part of the business.

    After “social engineering” efforts using personal details to target staff were uncovered, badges no longer carry last names, clean-desk policies are far more strictly enforced and the processing and communication of sensitive information is now subject to higher bars of regular mandatory training.


    The original article contains 838 words, the summary contains 202 words. Saved 76%. I’m a bot and I’m open source!