Blaming GRU for hacking SolarWinds is like blaming rain for being wet. The actual target of "vigorous response" should be arrogant and incompetent software vendors who win gov tenders by declaring all kinds of security compliance yet cannot deliver on the very basics.
@kravietz that's for sure I 100% agree!
@kravietz
That article reads like something you'd see on RT, but your point I totally agree with. A lot of these enterprise "network security companies" are more expert at leveraging relationships than they are at actually making a compelling security product.
@cjd
Leveraging relationships pays the bills. Shareholders don't care about making a compelling security product, they care about revenue. Hopefully this will put a dent in revenue...
@Senicar
Yes, I think that's where we're going. I've noticed a lot of Fluff Security has gone away over the past 10 years, useless anti-virus and checkbox items, hardware firewalls, etc. As the game gets harder the players level up...
@cjd
People are getting more security conscious (see: the rise of personal VPNs) but there's still big money in checkbox security and hardware firewalls. I still see orgs shell out cash to certify compliance, with a dysfunctional vulnerability management program (and other basics). I think for incidents like this one, governments will need to start demanding more of their contractors.
They already do. I've been working for very large organisations in both public and private sector, and on both sides - so as someone who hires suppliers, and someone who is a supplier. The amount of due diligence and compliance forms you have to fill in each time is massive. The problem is that even if the supplier is total crap in terms of security but business really wants them, they're just going to "accept risk" and job done.
@cjd Well, they don't deny or cast doubt on the GRU hacks which is typical RT mode of operation. What I see in this article is more of a tone like "stop whining like babies, it's you who screwed up".
@kravietz
If somebody talks about a democracy hacking a dictatorship's nuclear program in the same article as a dictatorship hacking a democracy's elections, that's too far into the propaganda zone for me to take seriously.
You can be morally right but still get breached if you screw up your infrastructure, that's the key takeaway here.
Context https://www.theregister.com/2020/12/16/solarwinds_github_password/