Re: Unpopular Opinion
"if you report your car stolen, the police tend to try and find out who stole it, and go after them for punishment. They don't turn around and fine the victim of the theft,"
The victim owned the car and was responsible to the owner - himself. You can't sue yourself. (not sure about USA...)
"saying that they should have better protected the vehicle."
Oh, most plods will state the obvious to the victim...
"They obviously have some level of basic security deterrents in place, all companies do. But in IT security, they are exactly that - deterrents. They will not stop anyone who REALLY wants to get in from getting in. That's a data security pipe dream."
So... since nothing can be secured 100%, why bother at all with security?
The question here is whether there were reasonably good safeguards against data theft. The nature of theft has not been discussed but hopefully an inquiry into this will enlighten us whether BA had the equivalent of Fort Knox for customer information storage; if all data was stored in an unpatched XP in the cupboard, or something in between.
If the safeguards were adequate, encryption everywhere, hashed passwords, everything PCI DSS compliant etc, the fines may be lowered or canceled. They haven't been fined yet.
"Why are we not putting effort into identifying and punishing the perpetrators of the hack instead of the victims?"
Who says that no effort has been done to identify the perps? The problem with many digital heists is the lack of evidence if the perps have known how to hide their traces.