> I think the implicit assumption is that the vast majority of these breaches are obviously preventable (basic incompetence like leaving a non-password-protected database connected to the public internet is common).
Some breaches are certainly preventable. But is that the case here? I didn't see the technical details, I think they aren't released yet, but this is the conclusion everyone seems to jump to automatically, without necessarily good reason.
More importantly - these companies employ thousands of employees, all of whom could be doing something wrong that is causing a security threat. And there are thousands, maybe tens of thousands of people trying to find their way in. My point is that even without any negligence, if you have thousands of people trying to hack your company every day for years, it's easy to slip up, even if it's preventable-in-hindsight.
One of the first things you learn in working in security is that there is no perfect security, and you have to understand the nature of the threat you are facing. For these companies, the threat might very well be "North Korea decides to dedicate state-level resources to breaking into your company, plus thousands of criminals are doing the same every day". How is any company supposed to protect against that?
Which implies that the company is negligent in hoarding the data in the first place. If you admit that there is no effective security for sensitive data, you admit that holding the sensitive data in the first place is negligent. Create real sanctions for the loss of the data, follow through on them, and then companies will do better.
Mind you, Snowflake is the problem here, not AT&T, if it was their leak. AT&T is big enough that no meaningful sanctions will fall on them. It's not like they fell out of the sky and killed a bunch of people.
Would assume someone would notice all the data that is being transferred.
And if this turns out to be a sophisticated attack then who’s to say they didn’t backdoor a bunch of systems? I heard a talk from a big Norwegian company that got attacked. Every single server, every single switch, every single laptop, all had to be reformatted and reinstalled. I assume that AT&T would have to end up doing the same.