Instead of a reactive approach which inevitably looks for a scapegoat to blame, organizations should take a proactive approach and be prepared for cyber attacks. Because in reality, no one is safe.
Don’t blame the victim As I’ve written before, it’s crucial not to blame the victim in a cyberattack. Pointing the finger at the perceived weakest links in the chain of the organization can encourage them to hide breaches, or try to fix things themselves. This kind of suppression of information and awareness can be devastating for cybersecurity. Basically, “blame the victim” and finding the “bad guy” inside the company does not do any good and only fosters a mentality of “pretend it doesn’t exist,” especially in a layered bureaucracy. Today, data has more value than physical objects and crosses not only corporate lines but sovereignty. That means we need a new mentality of reporting incidents quickly, and without blame.