Monday, July 20, 2015

I Apologize In Advance For This Post (I swear the SecurityOnion test is coming!)

One should not have to think about this one, or write about it. I see server operations "professionals" almost five days a week who can't be bothered to lift a finger about security until after it's too late... but I've just seen something that's worse, if you can imagine that.

It appears that another major social media site has been hacked, but this one (which I won't dignify with a mention) is one devoted to the furthering of cheating. According to media reports it bills itself as “the world’s leading married dating service for discreet encounters”. In a world in which the internet is becoming more of a party line every day, the idea of establishing a central point for illicit activity would seem not to be a very good idea. But some evidently avail themselves of this.

Now, the guys I was mentioning before (Admins who slack off on security) are sometimes people who are intimidated by such simplicities as Windows Update. But simply being nontechnical doesn't mean being stupid. Often the uninitiated hire somebody else to handle that stuff. Fine and dandy. Some of them put it off until a problem impels them to hire outside help. Fine and dandy. That's one level of the problem. That's not as dumb as cheating on a spouse through a maybe-insecure site that publicly advertises its purpose as enabling illicit hookups.

This has implications for the security and server operations industries. How do you protect against a user base that pushes back frontiers in stupidity? This creates an internal threat that is dynamic (apparently getting worse by the year). Talk about a cost of doing business. This is the end of the post. I have no idea how to fix stupid (as the comedian Ron White says). I guess that making sure to do backups is the only answer, since by my logic, sooner or later (depending on how many bad hires one makes), you're gonna be rebuilding something.