Fall World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 30, Issue 1

Full Contents Now Available!

Monday, 26 August 2013 15:39

There are no winners in the blame game

Every time a major security breach makes the headlines, a common reaction happens. Even before the details of the breach are known, the infosec world gets into a frenzy of speculation as to how the attack happened, who conducted it, and whether the attackers were skilled or not. Invariably the conversation focuses onto the company that is the victim of the attack, and it often tends to highlight how stupid, negligent or weak its security defenses were. In effect, we blame the victim for being attacked.

While the organization may have been negligent, or their security not up to scratch, we should not forget they are still the victim. How good, or not, the victim’s security is a separate issue for a separate conversation. Foisting blame on the victim on top of having to deal with the incident does not bring much value to the conversation. The blame for the attack should lie squarely on the shoulders of those who conducted it.