The recent cyber attack on SolarWinds (itself a major cybersecurity company) caught the world's attention, compromising the IT infrastructure of multiple US government departments among others. Now the firm's CEO has blamed an intern for setting weak password protection on the company's file server, using the easily guessable "solarwinds123".
Blaming the intern ignores the true root cause of the problem. The company showed signs of systematic cybersecurity failures that went far deeper than an intern's ability to set a password.
Organisations protecting mission-critical data must take a holistic approach to cybersecurity. That means effective security management programmes, enforcement of access management policies, technical controls, and compliance with industry security standards.
Together, these measures should help prevent cyber breaches from occurring in the first place, and avoid any need to blame the intern.
"You and your company were supposed to be preventing the Russians from reading Defense Department emails!"