According to an employee with knowledge of the system, the password to the Louvre's video surveillance system was simply "Louvre" at the time of the robbery last month.
One time I got written up for stating that “failing to take cyber security seriously creates a massive potential liability” for the company. Apparently that was “out of line.”
Well you know what else is out of line? Critical infrastructure organizations (i.e. utilities) that don’t take security seriously.
I would really like to see companies held more accountable for their data security. If data gets leaked through some security breach, regardless of the criminality of the perpetrators of that breach, if it contains sensitive data like unhashed passwords, credit card or other personal data, and other potentially even more sensitive stuff (medical, financial), the company that was supposed to secure that data needs to be held liable too.
Any company that stores any of that kind of data, needs to have real security experts on board and listen to them. If you can’t, don’t store that kind of data.
One time I got written up for stating that “failing to take cyber security seriously creates a massive potential liability” for the company. Apparently that was “out of line.”
Well you know what else is out of line? Critical infrastructure organizations (i.e. utilities) that don’t take security seriously.
I do not miss that dumpster fire.
I would really like to see companies held more accountable for their data security. If data gets leaked through some security breach, regardless of the criminality of the perpetrators of that breach, if it contains sensitive data like unhashed passwords, credit card or other personal data, and other potentially even more sensitive stuff (medical, financial), the company that was supposed to secure that data needs to be held liable too.
Any company that stores any of that kind of data, needs to have real security experts on board and listen to them. If you can’t, don’t store that kind of data.