[VoiceOps] Bandwidth - Monday Outage

Aaron C. de Bruyn aaron at heyaaron.com
Wed Sep 29 10:58:22 EDT 2021


On Tue, Sep 28, 2021 at 11:15 PM Ryan Delgrosso <ryandelgrosso at gmail.com>
wrote:

> B: I believe they need to be drawing national attention to this to
> highlight what a steaming dumpster fire much of the critical infra really
> is. Mostly because it's designed to maximize quarterly earnings, not stay
> working in the face of adversity.
>
That's not an exclusive problem to network engineering, or even IT in
general.
Under another hat, I consult with a lot of healthcare facilities.  I'd say
somewhere around 40% of my clients are *still* running Windows 7 and
Windows Server 2008 on their networks.
Why?  Because it will cost a few hundred thousand to upgrade/replace all
the machines and they want IT costs to look good on paper so they can sell
out in a month, a year, or whatever.
When I mention how irresponsible it is, I found out most (if not all) of
them managed to get "cyber insurance".

Did you know you can get a $5,000,000 "cyber insurance" policy from some
insurance companies for only $2,500k/mo?
Even more astonishing...did you know they will issue that policy after
doing a port-scan of your public IPs, and if they find no ports open, they
consider you to be secure?
They didn't even require something as basic as a NIST 800-171 audit or
filling out the most basic of questionnaires.

I read one of the policies and was stunned.  I'm not a lawyer, but it
appears to me the insurance company will be on the hook even though they
have no AV, no patch management, no logging/monitoring, and their
stunningly incompetent external IT contractor fixes permissions issues in
vendor-supplied applications by promoting people to "Domain Admin".

No one cares because they'd rather have an external company for $15k/mo as
opposed to a competent team of employees for $25k/mo.  Looks great on the
books that they saved ~$120k last year by "fixing" IT. ;)

-A