Re: The Real Problem
The real problem is not Windows! It's the humans looking out the windows.
In many of these instances it is either that 1 person or persons as access to ALL the organizations data. It is most often someone who absolutely should not! Some executive level person who only has that access "because they be impotent!" Or it is that inter-computer security is lax or broken. Once after a merger it was discovered that the company we merges with had a Group Policy that made Domain Users administrators of EVERY computer. When I said "This must end" i got an argument that I didn't understand that there are applications that cannot work without Administrator rights. To which I called BS on that and even if you need it you make the USER administrator, NOT EVERYONE!
It's not just having backups. It a complete security posture. But if you don't secure your biggest risk, YOUR PEOPLE, then you have no security at all!