IT Security Horror Stories: Truth is Scarier Than Fiction

October 29, 2012, Mike Weber, Vice President, Coalfire Labs



At Coalfire, we hear—and help our clients address—some pretty scary security and compliance stories. Everyone’s heard of blood-sucking cyber criminals looking for vulnerable IT systems. Even when organizations have protections in place, these monsters just won’t give up. Their appetite is insatiable...

Our tale today begins with the CIO of a Fortune 500 company who decided they no longer needed to pursue PCI DSS or PCI PA-DSS compliance. He believed that security in general was a waste of time and money because of a new principle he had heard of on TV.
 
That principle: “Compromise Fatigue.” The principle suggests that organizations do not need to worry about security and compliance because the growing number of data compromises reported in the U.S. makes customers numb to these announcements. In the CIO’s words: “Everyone gets hacked these days, so our customers won’t care if we lose their data, because everyone is losing their data.”
 
Guess what? They got hacked. They got fined. And the CIO? Out the door with a new "conversation starter" story on his resume. His replacement has now implemented a “best in class” compliance and governance strategy – with Coalfire’s assistance.

It’s just part of the reason security-conscious organizations of all sizes turn to Coalfire to audit the effectiveness of their IT risk management, and help them verify compliance.

*Promotional photo of Dracula, Bela Lugosi and Helen Chandler, Universal Studios, 1931

Have a scary story of your own? We'd love to hear your story and help you combat your IT monsters!

