> Your implication that this was due to lack of proper security hygeine is unfounded. Security hygeine reduces risk it does not eliminate it.
Nope. No security professional will admit that anything ever eliminates risk, so that's a strawman fallacy.
The point is that sharing admin passwords is a blatant violation of cybersecurity hygiene which every employee of the CIA is capable of understanding and avoiding. If the org can't enforce even just the basic stuff, there's not much hope of raising standards above that.
> from the most persistent and resourceful attackers.
Here's a secret that everyone already knows: the most persistent and resourceful attackers will always get in given enough time.
> Your implication that this was due to lack of proper security hygeine is unfounded. Security hygeine reduces risk it does not eliminate it.
Nope. No security professional will admit that anything ever eliminates risk, so that's a strawman fallacy.
The point is that sharing admin passwords is a blatant violation of cybersecurity hygiene which every employee of the CIA is capable of understanding and avoiding. If the org can't enforce even just the basic stuff, there's not much hope of raising standards above that.
> from the most persistent and resourceful attackers.
Here's a secret that everyone already knows: the most persistent and resourceful attackers will always get in given enough time.