Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

And then when the company loses business from the disruption, do you think employees walk away scot-free?


I consider that inherent risk. Not getting a raise because the company made business decisions that turned out suboptimal (such as gaining short-term profits by not investing IT security) is a risk that any employee faces. If you want a more stable environment you go for a more risk-averse employer, perhaps even public sector jobs.


That's a silly proposition. If my field of expertise is inherently private, I don't have that choice. Also I can't solve for every variable when searching for jobs. I choose among the ones I get an offer for, and obviously their IT decisions aren't top of my list (nor do I know what those are prior to hitting the desk)


Ruining companies that can't (or won't) get their act together (whether it's security, finance or any other critical and undervalued area) is a short-term pain that fixes the issue. Refusing to fix simply prolong the problem - at some point you have to say "enough is enough" and tear the bandaid off, if you don't, and you don't do so with severe enough consequences then businesses will simply conveniently ignore what they're being asked to do.

Necessity is the mother of invention, I have no doubt that the opportunities created by blowing away poorly-behaved incumbents will cause a healthy collections of startups who will be operating within the required framework.


You may not see yourself as having a choice but that wasn't really my point. What I was getting at is that being an employee in general comes with a diffuse risk of many factors that can result in not getting a raise or the company even going bankrupt. Many of them are outside your direct responsibility or influence and yet you take up the whole risk package when joining that company. The company getting ransomwared is just one more factor. It's not special. Well, one issue with it is that it requires criminal activity so it's dragging us down to a worse equilibrium where more resources have to be spent on countermeasures. But arguably that cat is out of the bag, so the next best thing that we can do is to make security best practices easy. And microsoft wasn't doing its part here.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: