Pretty much every company I worked for with the exception of where work now ran there IT department on a dime budget. Running outdated computers and operating systems because they were too cheap to upgrade an application that didn't support the latest version of an OS. Lax patching policies
TechGromit wrote: »
The way I see it, companies need to stop Nickel and Diming there IT department. Pretty much every company I worked for with the exception of where work now ran there IT department on a dime budget. Running outdated computers and operating systems because they were too cheap to upgrade an application that didn't support the latest version of an OS. Lax patching policies, I remember a corporation that owned several casinos I worked for in the early 2000's got hit with malware that pretty much crippled almost all the PC's, while casino property I worked at did have some infections due to PC not being fully updated, it was no where near what one of the properties had, they pulled all the IT staff from other casinos to remove malware and patch hundreds of the computers. A lot of these computers I personally patched literally took hundreds of patches, they were that outdated. Almost no budget for training personnel, a company I worked at for 15 years paid for only two IT courses the entire time I was there. There low pay didn't exactly attract talent either. When I started out at the casino in IT at Bally's Grand, people were earning more money on the casino floor selling change, not to mention they were getting tips too. IT shouldn't be an after thought, if we have extra money maybe we'll upgrade some PC's or buy a new server. I recall the last year I worked at Bally's Grand (it was called the Atlantic City Hilton by then, now bankrupt) I was asked to help come up with a budget to replace outdated PC's and Printers, I came up with what I thought were some very lean numbers for the 500 computers and 50 printers we had and was told by upper management pick you worst 10 computers to replace. I ended up leaving a few months after that, having seen the writing on the wall.
MontagueVandervort wrote: »
This is all I've seen so far. Granted, I haven't had many jobs yet (only 3 and then that's even debatable), but it's always an extreme lack of funds and a laziness/blase attitude towards security. It's "good" to see things starting to change but, but I think the result of all of this is just going to be more people with lower qualifications, understanding, and experience working on these issues.
I'm not sure where I stand yet in terms of ... is it better to have more people working on the issue who have lower skills or less people working on the issue who have higher skills.
At least this may solve one problem, and that is companies are starting to take security more seriously which means over time it "should" become a more expected idea to alott more money in this direction.