The security industry has an accountability crisis. It’s time to talk about it, then fix it. Whenever a massive cyber attack occurs, inevitably a chorus of voices rises to blame the victims. WannaCry on 5/12 and Petya on 6/27 yet again kicked off the familiar refrains of:
“If users didn’t click on stuff they shouldn’t….”
“If they patched they wouldn’t be down….”
“This is what happens when security isn’t a priority….”
“Now maybe someone will care about security…”
I have yet to meet a single user that clicked a malicious link intentionally – beyond security researchers and malware analysts, that is. I have yet to meet anyone that delights in not patching as a badge of honor. There are great reasons not to patch, and terrible reasons not to patch. As always, context and situation matter.