There is also the fact that IT is seen as a cost center that needs to be minimized. Even though the upfront cost is expensive, the budget keepers and profit margin monitors don't realize the even higher cost when oh we just lost 3 days or more of productivity from everyone is the cost of not paying up front when the IT folk ask for it.
Until that changes and it won't till this really hurts a big firm bad. Sadly to what I have seen in 20 years of corporate IT support it doesn't change till they learn the hard way.
So much this. I've been at organizations where IT is forced to grant local administrator privileges to large swathes of the company, and where we couldn't use AppLocker because it's "too constrictive." Of course, there are third-party solutions, but anything above $0 is an "unreasonable" cost. Oh well, hope you have good backups.
Luckily where I work figured some things out ahead of the curve (still somewhat the hard way, just a lot earlier).
Very few people have local admin rights, basically developers and such or the few bits of software that require it and that is audited and approved every year. I found that I got along just fine without it when they took it away from us as server admins.
We use different accounts to do server admin work than what we use for email, etc. Heck I have to get an exception to use a password for my day to day account cause stupid Rational products are not smart card aware.
When I had access to the servers that have PII data (and we actually never had access to the data itself, it was all wrapped up in SQL that only the DBAs could fiddle with) it was a quarterly check on access with me electronically checking in and registering my laptop and a scan had to be run on it to look for PII locally, and about a year before I left general server support a background check every 2 years.
It's hard to believe that in 2016 people can still be so clueless about this. The Pentagon knows that cyberwarfare is a real thing, and they're in the business of killing people. But huge chunks of our computer infrastructure are run by people who believe in the equivalent of magic beans.
Thank God I use a Mac, so I don't have to worry about this stuff.
Was going to say that same thing. The MBAs and others at the top see the IT group as a money sink that doesn't do anything for the company. Then something like this happens and who starts screaming about why it happened and why didn't they have security in place?
Back-up frequently and avoid Microsoft products.
It is not just on Microsoft systems. It can come in through your browser. Ransomware hits phones and tablets. So far it is just a scam, they lock out your browser, but don't access your data. It is just a matter of time.
I'm inclined to label this trivial, though I may be eating that label in the future.
You forgot the king of legalized ransomware. Oracle.
Three words: Mandatory. Access. Control.
Ironically… not terribly mandatory in most systems. Unfortunately, try getting most users to learn to like it, much less use it.
ETA: On second thought… encryption isn't locked up by MAC anyway. I guess this is why I'm not in IT.
That's what I don't understand. Most all methods of paying someone significant amounts remotely are traceable. How do they not get caught by just following the money?
Simply by being in another country where we can't prosecute them.
Speaking of "cost centers", my department just lost its COLA this year, because a non-technical executive of our IT department (yeah. The guy was the VP of finance, retired, then was hired on as the VP of IT and physical security 3 months later) made a bad decision. To push out new store kiosk software a week before a big sale. It was so rapid the software wasn't tested. The sale was our springtime Black Friday. We had no chance to field test, find any bugs, or develop workarounds for known issues.
He gets to keep his job. We get to not have our pay match inflation.
I know. We've been working overtime for two months because of a lack of field testing. Then this bozo decided to completely contradict our workarounds.
He literally sent out an email blast to all our stores telling them to disregard any of the helpdesk's fixes, and to instead call them into us, and have them documented.
So now we have several hundred tickets for the same six problems, we aren't allowed to tell them how to fix it in the meantime (on penalty of possibly losing our jobs) and the company is still hemorrhaging money.
Sometimes I fantasize that if only we as a department could sabotage that guy's stuff just right, he'll end up looking like the unqualified moron he is in front of the CEO, and that'll be the last we see of him.
Why do you have to hurt my brain like that on a Friday?
Exactly. Working helldesk, when I get sharp remarks from executives, I sooooo badly want to say "I keep your Point of Sales running. Do you have any idea how fast you won't have any money if someone on my team decided to sabotage them?"
Count yourself lucky. I have to live with it.
I've crawled the IT trenches myself. I feel your pain.