Just own it…

“Even robust defenses and prosecutors aren’t sufficient to protect against the state-sponsored attack, especially when they’re extremely sophisticated and persistent,” Marissa Mayer testified.

Just own it. This “the Russians did it” is becoming a tired trope. There is no way to even conclusively know if a state-sponsored entity did do it. From what I understand Yahoo! still doesn’t even know the definitive source of the breach. Moreover, Google hasn’t lost 3 billion IDs, so clearly it’s possible to defend against such attacks.

That said, there is some truth in the statement – a concerted hacker, and it doesn’t need to be a state-sponsored hacker, will take most organizations down if they want to. There are very few organizations that can withstand a concerted attack of any sort. I know many people who are capable of getting into just about any company if they put their minds to it. As a defender you have to protect everything; they just have to find one hole.

Still, it happened, and when it happens you are responsible as the (once) leader of your company and ultimately its security program. Coming from Google you are clearly highly technical, so you can’t feign ignorance.

Being at fault and taking that blame isn’t a terrible thing – you are one of thousands, if not millions, of organizations that have been compromised. People get that security is hard. Still, no matter what, if you are the leader, the buck stops at you, not the Russians.

PS: “and prosecutors”? Huh?
