Moto GP Racer
Join Date: Aug 2006
Location: Austin Texas
Thanked 2,462 Times in 1,717 Posts
Feedback Score: 5 reviews
Since I do this stuff for a living, I have a real world view. We spend a LOT of money protecting ourselves. I was the lead engineer at Experian before resigning to move to Austin. We did a lot of data breaches, including the VA when the laptop went missing with all that data on it.
If you look at firewall/IPS logs, you can see certain patterns. Scans/attacks happen 24/7. Even though we are always finding new exploits, and the attackers are always one step ahead, MOST of the time the victim missed something, and left a hole unplugged. It could be a vendor account that wasn't disabled, or an alert from their IPS (intrusion protection) that was ignored.
I don't feel it's a loaded question at all, or a way to try to shift the blame. The person doing to attack should always be held accountable, but the victim needs to stand up and take the hit for not being as good as they should have been.