Monday, October 2, 2017

There is no "Get Out Of Blame Free" card

from here

Over and over again we see examples of breached organizations claim that it was the work of state-sponsored attackers, seemingly as a way of deflecting blame in spite of the horrendously bad security practices that are almost always uncovered. This needs to stop. I realize that anyone can be breached, and that if your targeted by state-sponsored attackers there's probably nothing you can do - but that doesn't give you a licence to do nothing. As the title of this post says, there's no "Get Out Of Blame Free" card - you've got to work hard for your absolution.