- F*ck your customers over by gross negligence and sheer greed (or stupidity, or both)
- Get caught with your pants down
- Dump your stocks and cash out
- Apologize when customers and media express outrage
- Go to Congressional hearing and repeat the magic words "I do not recall" for every question
- Find 1 low-level scapegoat employee
- Fire that employee and declare that the company is now 'clean'
- Avoid any jail time for wrong doing by paying a fine
- Collect your 'Golden Parachute' = MILLIONS and slide into a new CEO Job.
- Rinse and repeat.
White collar crime pays. Big time.
And almost no-one ever goes to Jail -- unless they have the bad-fortune of being prosecuted by A.G. Preet Bharara (record of 79-0 conviction obtained), which is also not relevant since Trump fired him soon after taking the White House Office.
There's a mantra at my company that you can't assign blame for a problem to a particular person. If one person is capable of breaking your system, you have a bad system. The focus isn't on finding the one person or the one mistake that caused it, but fixing the process so one person or one mistake can't wreak that much havoc. I think it's a very good philosophy.
I remember the huge AWS outage that happened and was due to one engineering fat fingering a command. Instead of firing him they put in policies in place so that can't happen again.
Has this mantra been stress-tested in the real world with a large scale data breach?
Edit: to add to his, what I mean to say is: it's great that (some) companies have this culture internally. It remains to be seen whether the mantra would survive a sufficiently large scandal. Maybe that's when the legal team comes in with the damage control plan as outlined in another comment by @justboxing.
I work for AWS. We haven't had a breach, but consider that S3 outage not too long ago, which was due to one engineer fat-fingering a command. Rather than blaming or disciplining that person, AWS changed the process so that people aren't manually typing in those commands.
Having just a single point of human failure standing in the way of leaking 145M people's data is already negligent. Trying to foist responsibility onto this poor individual (presumably some lower-rung employee) is shameful and just goes to show how ripe their corporate culture was for something like this to happen.
This is shamefully terrible leadership. If you're the CEO and a subordinate fucks up, it means you fucked up. At the end of the day the performance of the entire company is your responsibility.
Yes, him. Guess what, you are (were) the CEO and you are legally required to be responsible for what your public company does. Blaming anyone else is what terrible CEOs do.
IMO, the board of a public company is responsible for overseeing risk, audit and internal controls, and the CEO is the one person most responsible for ensuring the company acts in accordance with those directives on a day-to-day basis. That an error could be made by a worker is human, though an automated system could also suffer a fault. Audit would have caught a gap, risk management would have caught a vulnerability, and internal controls would have detected incomplete work were these practices properly designed and deployed. Good CEOs look at governance, process, oversight and don't fling muck at employees.
Apparently the data was stored in plain text. Sorry, but if not applying a patch to your Web framework is enough to make it that vulnerable, there are other problems in your infrastructure, your architecture and your process.
FTA "The notion that just one person didn’t do their job and led to the biggest breach in history is quite an amazing claim and shows a fundamental lack of good security practices."
"Amazing" is a word I would use, but not the first one. Or even one of the first few.
If one person not doing their job leaves the entire credit card holding populous of the US vulnerable to this kind of data leak.... then there was a lot more then one person not doing their job.
Well, that person, that person's boss, and so on up to the CEO. The one who is paid such a large salary to ultimately be responsible for the entire company.
People (generally) do the best job they can within the constraints they operate under. If someone isn't, say, patching things in a timely way, the most likely explanation is not that the person is lazy or stupid, but that the system is broken.
And if you run a company with a lazy, stupid person being on the critical path for your most important systems? Your systems are broken, because that person shouldn't be there.
- F*ck your customers over by gross negligence and sheer greed (or stupidity, or both)
- Get caught with your pants down
- Dump your stocks and cash out
- Apologize when customers and media express outrage
- Go to Congressional hearing and repeat the magic words "I do not recall" for every question
- Find 1 low-level scapegoat employee
- Fire that employee and declare that the company is now 'clean'
- Avoid any jail time for wrong doing by paying a fine
- Collect your 'Golden Parachute' = MILLIONS and slide into a new CEO Job.
- Rinse and repeat.
White collar crime pays. Big time.
And almost no-one ever goes to Jail -- unless they have the bad-fortune of being prosecuted by A.G. Preet Bharara (record of 79-0 conviction obtained), which is also not relevant since Trump fired him soon after taking the White House Office.
Related: Here's Preet Bharara's Amazing 79-0 Insider Trading Conviction Score Card - http://www.businessinsider.com/bharara-insider-trading-convi...