
Equifax CEO: All Companies Get Breached - LopRabbit
https://news.slashdot.org/story/17/09/30/2036215/equifax-ceo-all-companies-get-breached
======
dawnbreez
All companies get breached; not all of them get breached via vulnerabilities
that were known and patchable for two months prior to the breach being
detected. Further, not all companies handle such large amounts of sensitive
information. Equifax's IT staff should have known better, as a whole. I have
seen it argued elsewhere on the internet that their CSO, who only had a degree
in music, should not be blamed for the breach; I have also seen statements
claiming that cross-field collaboration is important, and that many
innovations have come from people working outside of their main field of study
or from uneducated backgrounds. Neither of these statements excuses what
happened. Further, I would argue that if the Equifax CSO were innovating in
her field by bringing some sort of new insight to security, we would not be
talking about a breach.

------
ineedasername
A "two-wrongs make a right" argument is hardly one that obtains here. First,
the truth of that statement is irrelevant: Most hacked companies find
themselves in that situation, as was the case here, through poor practices.

Second, this is Equifax. A company that includes in its product portfolio
monitoring tools for those unfortunate enough to have their information
compromised. Explicit in this is an acknowledgement of the seriousness and
need to keep such information very well protected.

Saying "all companies get hacked" is akin to a lock company having its offices
get broken into and master keys stolen and duplicated for all of its locks.
And not through creative picking but simple lock bumping of insecure locks.
And then saying, "well all businesses get robbed sometimes".

If such a hypothetical company were very, very lucky, they might still exist a
year on from the break-in.

