Partially. Too much of the software and defenses require the user to act in a specific way to complete the defenses. And humans are not rational beings. This gives attackers ways to circumvent the security measures. This in addition to cybersecurity too often being an afterthought.
Comment on The Insomniac Hack Reveals The Ugly Truth Of Video Game Hype - Aftermath
vexikron@lemmy.zip 10 months ago
To me the real story here is that the field of cybersecurity, and actually proprietary software in general is a giant fucking scam: we see hacks happening constantly to huge companies and government agencies.
The only actual known and effective way to combat this in almost every scenario you have ever heard of is to use open source software that can be reviewed by anyone, and when a flaw is found, an alert can go out and then it gets fixed.
Time and time again individuals and large organizations pay for proprietary software that claims it is secure, and often either have cybersecurity ‘experts’ on staff, or consult with a cybersec firm.
And the hacks just keep happening.
Accountability for this is nowhere. Not in any real, effective sense.
5200@lemmy.world 10 months ago
vexikron@lemmy.zip 10 months ago
Yes, which is why I said ‘and also get employees to follow basic cybersecurity practices.’
If the problem is either company culture or human nature is in the way of implementing cybersecurity properly, and I can assure you that this is true, having managed cybersecurity policies at a large non profit for over a year…
…then the field of cybersecurity should actually be figuring out how to successfully mitigate or solve this issue, they should be focusing on far more than just esoteric techno buzzwords in their marketing, and you know, actually be capable of delivering ‘security’, the thing they claim to sell.
If that means pivoting to things like the importance of training employees, developing a security conscious company culture, holding seminars to convince execs and middle management to not have cybersecurity as an afterthought as well as what it actually takes to actually be secure… then the field of cybersecurity should do that.
5200@lemmy.world 10 months ago
Ab-so-lutely! I wasn’t aware I challenged your notion. I thought I was merely expanding on it. But we agree.
vexikron@lemmy.zip 10 months ago
Sorry if I came off as too hostile, a bit of the anger may have carried over from explaining to graphics card marketing buzzword enthusiast ninjan, as politely as I could, that he has no idea what it’s actually like to work for a world class tech firm as a software engineer.
misanthropy@lemm.ee 10 months ago
I’m too lazy to look into this specific one, but basically all “hacks” these days start with social engineering
vexikron@lemmy.zip 10 months ago
Yes, which can be avoided with the basic cybersecurity standard of teaching your employees how to not fall for that.
Literally not much more complicated than ‘don’t give anyone your work login and password. If you think something is suspicious, report it to security and never, ever, EVER connect any of your work hardware or accounts to your personal hardware or accounts’.
MudMan@kbin.social 10 months ago
Heh. It's a LOT more complicated than that. Especially post-covid, with everybody ready to support working from home.
Hey, good luck getting hundreds to thousands of people, ranging from engineers to a bunch of kids doing QA to technically illiterate administrative positions and office workers to keep rigid, government-level security standards when each and every one of them has some degree of remote access and mostly are just... you know, going about their lives and going to work every day. You sound like you'd love doing IT for a game studio.
And hey, guess what, all of their work hardware and accounts are probably connected to their personal hardware and accounts. Or are, in fact, the same hardware and accounts. Nobody has time or money to equip every single employee with a second phone and laptop overnight and all of them had to work remotely during the pandemic, just as much as everybody else. It's kind of chilling to know that the games industry is under this level of harassment and these leaks keep happening, because I guarantee any other non-tech industry that has shifted to remote work the past few years is doing much worse at this. Gaming was already weirdly secretive, even when compared to movies and TV or other similar cultural industries.
For the record, games are full of open source software (and closed source as well). Go check out the list of OSS on any game's credits. They still have to comply with disclosures required by most licenses, so it'll be in there somewhere.
vexikron@lemmy.zip 10 months ago
Uh… I have managed and maintained cybersecurity policies for a non profit albeit not as head of IT but working in close cooperation with him as the team I was on was in charge of a huge system that nearly all employees and definitely all our clients used.
We successfully managed to not have any cybersecurity incidents while I was working there.
We gave everyone work phones and work laptops because that is how you do cybersecurity right.
And uh, no, if you’re going by companies specifically being targeted and compromised by hackers, as opposed to hackers going for anything connected to a widely used software service, uh, gaming companies are actually doing far worse than other industries, likely due in large part to incompetent management.
Sure, yep, it’s chilling that employees at video game companies are at risk because their management is incompetent.
No clue what you mean by ‘gaming was always weirdly secretive when compared to movies and music.’ Music and movies are even easier to pirate than video games which have to be cracked… Not sure what you’re talking about here.
And oh dear god here at the end you’re going to ‘for the record’ inform me, a person who has written code for game mods for 20 years and professionally for various roles in the tech industry for a decade that games have open source and closed source code in them.
That’s not even relevant to how a whole company’s network gets breached and its employees get basically doxxed.
The… the video game company’s internal software for managing employee records, clock ins, clock outs, wage payment, emails, etc, is different from the software it uses in its product, the game.
It doesn’t matter if a game has OpenGL and a bit of a licensed proprietary physics engine.
That’s not connected to the company email server.
Why do you have such an arrogant attitude when you have no idea what you are talking about?