> Getting everyone to take security more seriously will most likely never
> going to happen..If this is the case then we are screwed... I hope its not the case, I hope
that the customer service folks at ISP/NSP's and NOC and Engineering folks
all keep this in their minds and push their upper management to start
doing the right thing. It really doesn't cost that much, and its certainly
cheaper than the cost of outages or lost revenue when your business is
DoS'd, eh?
When the insurrance companies get involved and charge a larger premium to
corporations not implementing reasonable security policies and procedures
then the situation will improve.
Time and time again I have seen corporations do nothing about a problem
(physical safety, physical security, network security) until it hurts the
bottom line.
Also, a large profile (e.g. in the mainstream media) network security
incident against a large corporation would again bring attention to the
problem. I think that if a network security incident had brought Enron to
its knees, rather than questionable accounting, people would be taking
more notice of the problem.
- Michael Hogsett