C-levels often defend bad security practices to me with "well XYZ Fortune 500 companies think it is good enough".

Not long ago every hospital in the world didn't bother washing hands or tools between surgeries.

It is best not to assume conformity is evidence of sufficiency.


@lrvick It is not that they did not bother to wash their hands. Dirty hands were considered proof that they were hard-working. And to their credit, they had no idea what was the actual cause of so many deaths. I heard they even sacked the receptionist that was "causing stress to the pregnant women" with his bell, before considering washing hands.
