I mean, if MeridianLink complied with the SEC's rules they wouldn't need to worry about the hackers threats. Also, if MeridianLink had invested into their IT team and had better safeguards for our...
I mean, if MeridianLink complied with the SEC's rules they wouldn't need to worry about the hackers threats.
Also, if MeridianLink had invested into their IT team and had better safeguards for our information wouldn't have been stolen.
I know that they're technically one of the victims in this case but if a bank leaves the vault open and unlocked they're culpable. We've got to start holding companies that do not properly harden their IT infrastructure accountable as well.
But, this is the SEC! They wave their finger and click their tongues and let them off with a warning to at least update their out of date drivers.
Executives set the expectation for the software. A single developer doesn't decide if they should make a program any certain way - the higher ups tell them what to make. At best, we could hold the...
Executives set the expectation for the software. A single developer doesn't decide if they should make a program any certain way - the higher ups tell them what to make. At best, we could hold the head of IT accountable... Along with the C suite.
At large companies typically software developers do not make this call In my experience software developers are usually aware of the issues and fight to get time to fix them, but the business...
At large companies typically software developers do not make this call
In my experience software developers are usually aware of the issues and fight to get time to fix them, but the business people don't want to spend the time/money on it
I mean, there's a reason disclosure laws exist. The ransomware thugs don't deserve any praise, but 0 sympathy for victims whom are required by law to disclose things like this and avoid doing so....
I mean, there's a reason disclosure laws exist.
The ransomware thugs don't deserve any praise, but 0 sympathy for victims whom are required by law to disclose things like this and avoid doing so.
I'll give the thugs a little bit of praise anyway: Your efforts here will hopefully be a lesson to other companies that think they can just hide things that should be disclosed and hope nobody catches on.
We're definitely on the same page. I'm just not convinced this type of extortion by the thugs will incentivize victims to disclose a breach. Let me put it a different way: if the thugs didn't...
We're definitely on the same page.
I'm just not convinced this type of extortion by the thugs will incentivize victims to disclose a breach. Let me put it a different way: if the thugs didn't think they would be making more money by threatening to file a complaint to the SEC, why would they go through the effort of doing so? In my view it stands to reason this effort gets rewarded in the form of more victims paying off thugs.
Just another lever to get the victim to pay up. Brutal
I mean, if MeridianLink complied with the SEC's rules they wouldn't need to worry about the hackers threats.
Also, if MeridianLink had invested into their IT team and had better safeguards for our information wouldn't have been stolen.
I know that they're technically one of the victims in this case but if a bank leaves the vault open and unlocked they're culpable. We've got to start holding companies that do not properly harden their IT infrastructure accountable as well.
But, this is the SEC! They wave their finger and click their tongues and let them off with a warning to at least update their out of date drivers.
We've got to start holding software developers that do not properly harden their executables accountable as well.
Executives set the expectation for the software. A single developer doesn't decide if they should make a program any certain way - the higher ups tell them what to make. At best, we could hold the head of IT accountable... Along with the C suite.
At large companies typically software developers do not make this call
In my experience software developers are usually aware of the issues and fight to get time to fix them, but the business people don't want to spend the time/money on it
I mean, there's a reason disclosure laws exist.
The ransomware thugs don't deserve any praise, but 0 sympathy for victims whom are required by law to disclose things like this and avoid doing so.
I'll give the thugs a little bit of praise anyway: Your efforts here will hopefully be a lesson to other companies that think they can just hide things that should be disclosed and hope nobody catches on.
We're definitely on the same page.
I'm just not convinced this type of extortion by the thugs will incentivize victims to disclose a breach. Let me put it a different way: if the thugs didn't think they would be making more money by threatening to file a complaint to the SEC, why would they go through the effort of doing so? In my view it stands to reason this effort gets rewarded in the form of more victims paying off thugs.