Alec Muffett @AlecMuffett, 7 tweets, 5 min read
@NCSC Hey Mat; your categorisation has issues at the very first hurdle - understandable considering that it comes from a perspective of attribution. In the private sector it's rarely about how godlike the attackers are, it's about how long they persist before they get bored.
@NCSC It's a concrete example of the old joke about "I don't have to outrun the bear, I just have to outrun you" - the private sector is not and should not be collectively responsible for each other's security. As such we strive amongst ourselves to be secure sufficient to our needs.
@NCSC Of course one of the benefits of an "elitism based approach" to qualifying hacking risk is that it sediments GCHQ's role as arbiter of how bad threats are; NCSC becomes a bit like the IOC, vetting the state of the hacker "athletic" field...
@NCSC But if you stopped the cyber and instead promoted "bug bounty programs" (for one) - British companies would learn how vulnerable they are to (say) a solitary Indian teenager, delightful in person, who is really really focused on your risk posture.
@NCSC And - get this! - he will tell you what's wrong for a nominal fee and be delighted when you reward him for it, and you will build a relationship, going forwards. Everybody wins.

This is why the mythos of state attribution is deeply harmful to British cybersecurity.
@NCSC Please @NCSC, please @GCHQ, come out of the cold of spycraft - yeah, sure, there are Russian trolls and Chinese intellectual property thefts - but there are a zillion more startups with shoddy security who are better served by bug bounty programs than a culture of pentesting.