You Can't Avoid Responsibility for Cyber Security Breaches for Long
Anderholm is convinced that corporate leaders won't be able to get a grip on cyber security until they start to view it as any other security. They certainly wouldn't accept "we don’t know who they are" if the breach were a physical intrusion. "When there's a breach most people don’t know how it happened, so it's easy to lay blame on some nefarious overseas government, but the breach usually occurs because the organization has weak security," Anderholm said.
When Anderholm visits with a new client, he is continually surprised by the lack of knowledge corporate leaders have about the status of their data. "They don't even know how many machines they have running," he said. "When we hear about 'an attack from overseas,' we’re skeptical. We believe it's their weak security, even though they always think it's someone else’s fault."