Originally posted by Roy Tucker:
To tell you the truth, I don’t know. Those companies and institutions face a long haul back to disinfecting their infrastructure and regaining the trust of their customers. It means provisioning out parallel systems and networks, working closely with all your hardware and software vendors to make sure they are properly patched, rebuilding your infrastructure, making quadruple sure everything affected is the correct version and revision level, and being absolutely scrupulous and diligent that everything is being done safely and securely. It calls for a lot of diligence and discipline. I know where I work, IT security is of paramount importance and from the C-level on down, we all own it and live it every day. I know the CTOs and CISOs will cringe at this, but if they've been affected by these hacks, they need to be totally transparent to their customers and let them know what has happened and what they will do to remedy it. Doubt and distrust are your enemy.

Where I work is one of the top 50 trustworthy companies in the US and we take that to heart. We scrupulously review everything we do, new systems, software, network, etc., etc. We constantly train up people and keep them fresh. We regularly run red team blue team exercises. We hire ethical hacker consultancies to run pen tests and do everything they possibly can to probe us and hack us and let us know of our weak points. But any company worth their salt has to have this security philosophy firmly ingrained into their company culture. I'll tell you one thing, cybersecurity is a great area to be in right now. I wish I was 20 years younger so I could spend more time working in this area. I love doing it but I'm getting a little tired of the 50+ hr. week grind.
There is responsibility that needs to fall on clients and users, too. Treat information infrastructure like one would accounting regarding safeguards and auditing and fewer disasters would occur. They could probably be reduced by 80%.