Anyone that has worked in a sector where technology is often a second tier citizen or after thought knows these types of breaches are inevitable.
Hospitals. Banks. Airline industry.
The shit I have seen in just these industries made me think twice about having my private information held here.
Of course, the “IT” is often outsourced or “in sourced” (often juniors fresh out of college). Thus simple shit such as network segmenting production and development environments; and limiting access to production databases/assets is nonexistent.
I remember working in an airline where the backend systems were still running on outdated mainframe systems. Nobody had a clue how the existing mainframe systems worked. No documentation. Only poorly maintained support docs on how to keep it running. I ended up silent quitting after 3 months because management kept shutting down all of my initiatives to improve ops and quality. This company later had a massive meltdown. I wasn’t surprised and just glad I wasn’t subpoenaed.
Hospitals. Banks. Airline industry.
The shit I have seen in just these industries made me think twice about having my private information held here.
Of course, the “IT” is often outsourced or “in sourced” (often juniors fresh out of college). Thus simple shit such as network segmenting production and development environments; and limiting access to production databases/assets is nonexistent.
I remember working in an airline where the backend systems were still running on outdated mainframe systems. Nobody had a clue how the existing mainframe systems worked. No documentation. Only poorly maintained support docs on how to keep it running. I ended up silent quitting after 3 months because management kept shutting down all of my initiatives to improve ops and quality. This company later had a massive meltdown. I wasn’t surprised and just glad I wasn’t subpoenaed.