- F*ck your customers over by gross negligence and sheer greed (or stupidity, or both)
- Get caught with your pants down
- Dump your stocks and cash out
- Apologize when customers and media express outrage
- Go to Congressional hearing and repeat the magic words "I do not recall" for every question
- Find 1 low-level scapegoat employee
- Fire that employee and declare that the company is now 'clean'
- Avoid any jail time for wrong doing by paying a fine
- Collect your 'Golden Parachute' = MILLIONS and slide into a new CEO Job.
- Rinse and repeat.
White collar crime pays. Big time.
And almost no-one ever goes to Jail -- unless they have the bad-fortune of being prosecuted by A.G. Preet Bharara (record of 79-0 conviction obtained), which is also not relevant since Trump fired him soon after taking the White House Office.
There's a mantra at my company that you can't assign blame for a problem to a particular person. If one person is capable of breaking your system, you have a bad system. The focus isn't on finding the one person or the one mistake that caused it, but fixing the process so one person or one mistake can't wreak that much havoc. I think it's a very good philosophy.
I remember the huge AWS outage that happened and was due to one engineering fat fingering a command. Instead of firing him they put in policies in place so that can't happen again.
Has this mantra been stress-tested in the real world with a large scale data breach?
Edit: to add to his, what I mean to say is: it's great that (some) companies have this culture internally. It remains to be seen whether the mantra would survive a sufficiently large scandal. Maybe that's when the legal team comes in with the damage control plan as outlined in another comment by @justboxing.
Having just a single point of human failure standing in the way of leaking 145M people's data is already negligent. Trying to foist responsibility onto this poor individual (presumably some lower-rung employee) is shameful and just goes to show how ripe their corporate culture was for something like this to happen.
This is shamefully terrible leadership. If you're the CEO and a subordinate fucks up, it means you fucked up. At the end of the day the performance of the entire company is your responsibility.
Yes, him. Guess what, you are (were) the CEO and you are legally required to be responsible for what your public company does. Blaming anyone else is what terrible CEOs do.
IMO, the board of a public company is responsible for overseeing risk, audit and internal controls, and the CEO is the one person most responsible for ensuring the company acts in accordance with those directives on a day-to-day basis. That an error could be made by a worker is human, though an automated system could also suffer a fault. Audit would have caught a gap, risk management would have caught a vulnerability, and internal controls would have detected incomplete work were these practices properly designed and deployed. Good CEOs look at governance, process, oversight and don't fling muck at employees.
Apparently the data was stored in plain text. Sorry, but if not applying a patch to your Web framework is enough to make it that vulnerable, there are other problems in your infrastructure, your architecture and your process.
FTA "The notion that just one person didn’t do their job and led to the biggest breach in history is quite an amazing claim and shows a fundamental lack of good security practices."
"Amazing" is a word I would use, but not the first one. Or even one of the first few.
If one person not doing their job leaves the entire credit card holding populous of the US vulnerable to this kind of data leak.... then there was a lot more then one person not doing their job.
Well, that person, that person's boss, and so on up to the CEO. The one who is paid such a large salary to ultimately be responsible for the entire company.
People (generally) do the best job they can within the constraints they operate under. If someone isn't, say, patching things in a timely way, the most likely explanation is not that the person is lazy or stupid, but that the system is broken.
And if you run a company with a lazy, stupid person being on the critical path for your most important systems? Your systems are broken, because that person shouldn't be there.
justboxing|8 years ago
- F*ck your customers over by gross negligence and sheer greed (or stupidity, or both)
- Get caught with your pants down
- Dump your stocks and cash out
- Apologize when customers and media express outrage
- Go to Congressional hearing and repeat the magic words "I do not recall" for every question
- Find 1 low-level scapegoat employee
- Fire that employee and declare that the company is now 'clean'
- Avoid any jail time for wrong doing by paying a fine
- Collect your 'Golden Parachute' = MILLIONS and slide into a new CEO Job.
- Rinse and repeat.
White collar crime pays. Big time.
And almost no-one ever goes to Jail -- unless they have the bad-fortune of being prosecuted by A.G. Preet Bharara (record of 79-0 conviction obtained), which is also not relevant since Trump fired him soon after taking the White House Office.
Related: Here's Preet Bharara's Amazing 79-0 Insider Trading Conviction Score Card - http://www.businessinsider.com/bharara-insider-trading-convi...
BatFastard|8 years ago
eagerpace12|8 years ago
Deinos|8 years ago
vermontdevil|8 years ago
openasocket|8 years ago
dalore|8 years ago
accordionclown|8 years ago
that's one heckuva excuse, dude.
iaw|8 years ago
If the conclusion blames an individual then 100% of the time the real problem is with the system that gave them that much power.
TheSpiceIsLife|8 years ago
Edit: to add to his, what I mean to say is: it's great that (some) companies have this culture internally. It remains to be seen whether the mantra would survive a sufficiently large scandal. Maybe that's when the legal team comes in with the damage control plan as outlined in another comment by @justboxing.
MBCook|8 years ago
And what about the person who’s job was to make sure that one guy did his job?
And the guy who was in charge of that person?
And the department who’s job was makin sure nothing was insecure?
And the guy managing them?
Yep. All one guys fault. Poor guy, ruining the American credit monitoring system for the rest of us.
caconym_|8 years ago
zipwitch|8 years ago
Doubtless the various lawsuits will be coming back to this testimony for many years.
Thriptic|8 years ago
notacoward|8 years ago
patmcc|8 years ago
That person is the former Equifax CEO.
coldcode|8 years ago
galeforcewinds|8 years ago
dudul|8 years ago
aaroninsf|8 years ago
"Amazing" is a word I would use, but not the first one. Or even one of the first few.
Volundr|8 years ago
s73ver_|8 years ago
rodgerd|8 years ago
And if you run a company with a lazy, stupid person being on the critical path for your most important systems? Your systems are broken, because that person shouldn't be there.
Pharylon|8 years ago
pixel|8 years ago
"Former Equifax CEO says 'There is only one infosec person in our company'"
unknown|8 years ago
[deleted]
ww520|8 years ago
unknown|8 years ago
[deleted]
jacknews|8 years ago
khana|8 years ago
[deleted]
eartheaterrr|8 years ago
[deleted]
whipoodle|8 years ago
jepler|8 years ago