
> I guess the time between "tech person discovers a security breach" and "top executives discover it's a huge embarrassing crisis" is more than a couple of days.

That's exactly right. I can imagine the gradual motion up the chain of command, with the progress actually slowing down as the size of the breach and potential exposure becomes more and more apparent, and each level trying to minimize the damage. I'd have hated to be the guy that had to tell the CEO...




Silicon Valley did it best, and it's funny because it's true: https://www.youtube.com/watch?v=ddTbNKWw7Zs


C-levels aren't notified of anything until there are concrete details to share. They don't want to be notified of every port scan or brute-force attempt, nor do they want to deal with the scope of a confirmed breach changing on a daily basis ("yesterday you told me only N consumers were compromised, now you're telling me it's worse?!") -- a bad situation that gets reported as worse and worse every day is great for Fox News, but bad for shareholder confidence.

It's better for them that they don't know anything until they know everything.

"The guy that had to tell the CEO" (actually woman) was one of the two parties who resigned the other day.


Depends on the industry. Companies in certain highly-regulated industries are required to escalate even a minor breach of security ("We think something could possibly have happened, but there's no evidence anything did.") to C-level ASAP. One place I worked, if a breach was discovered by a janitor, it should make it to the C's within 24 hours or everyone in-between would be reprimanded, if not sacked.

But that was a very specific (and again, regulated) industry.


Owen Davis of Dealbreaker is skeptical:

When did the company learn of this incident? "We learned of the incident on July 29, 2017, and acted immediately to stop the intrusion and conduct a forensic review."

The trades in question took place between three and four days later. During this time, Equifax would have us believe, these three senior managers were kept in the dark about the fact that hackers had undertaken what may be the largest-ever private security breach right under their noses. Moreover, we’re to understand that even the chief financial officer remained unaware as the company “acted immediately” to right the ship.

http://dealbreaker.com/2017/09/equifaxs-execs-explaining-to-...



