Haley: SCDOR hacking may not have been preventable

Posted on by Dissent

Color me stunned.

In one breath, Governor Haley says that even with what is known now, there is “no way to say it could have been prevented.” Then we learn that investigators “believe that a hacker tricked someone at the Department of Revenue into opening a file that gave the hacker access to the system.”

And the Governor believes there’s no way to say the breach could have been prevented? Seriously? I can picture Jon Stewart describing this.

Read more on WYFF.

Category: Breach IncidentsGovernment SectorMalwareU.S.

1 thought on “Haley: SCDOR hacking may not have been preventable

  1. One thing that IT Training has taught me is that if a senior member is going to speak, that they should be informed by someone who kows technically about the system. The person who briefed the govenor was just as clueless as the govenor himself. Both appear to be only mildly familiar with the threats that occur almost daily. I wonder if there is ANY mandatory IT training that has to occur for state officials like Phishing, virus, social engineering or the like.

    Commmon, could not have been prevented? Social Engineering CAN be prevented. Setting security archetecture CAN prevent some files from passing through. Designing a network archetecture that has computer assets in a ring of trust CAN happen. Call it laziness, incompetence, inadequate training, poor security, lack of ethics or whatever it truly is. One thing for certain – it could very well happen again should the cause of the issue go uncorrected.

    Typically if there is an issue like this, sometimes – not always – there are other galring issues that exist as well. I don’t know what it is about big business – they lack the “guts” to bring in a third party to get an assessment of their network security. The cost of the assessment is FAR LOWER than a cost of a breach, and it shows due diligence.

    If it was me sitting there having a relaible source tell me to brief that it looks like the breach could not have been prevented, I would be SERIOUSLY worried about the infrastucture around the individuals that say this. To me it it sounds like either they lack the security knowledge, they want to cover something up, they don’t care about security and refuse to dump any cash into something to protect the network.

    Whatever the true outcome is, an understanding of security from the Top-down approach needs to be in place.

Comments are closed.