That's the primary thing a contractor does: get breached. They also cost the same as an employee, but are usually less talented or at least less integrated within the organization. Somehow, the moment you become an executive, contractors become an appealing option due to some unknowable black magic.
Despite being allies, a big reason why Americans do not trust or share sensitive information with South Korea is that whatever they share always ends up in North Korea and China.

But perhaps the biggest enablers of these security lapses aren't just the shoddy cybersecurity management but the political environment.

Any time you try to fix or address an issue, the opposition party will take a contrarian stance without merit.

No political party in America will disagree with the events of 9/11, yet in South Korea a disagreeing/contrarian stance is the default because they have a premature understanding of what democracy is (ex. https://en.wikipedia.org/wiki/ROKS_Cheonan_sinking - imagine if a major American political party started refuting the events of 9/11 and defending Al Qaeda!)

So it's no wonder that stuff like this will result in no arrests and waste valuable tax dollars.
I have no idea what to do about tech security. The holes will seemingly always exist unless we go back to safety-critical code.

It's far easier to be a hacker than a programmer of the same economic/political influence. You can take the second or third tier of programmers and they will be able to get you into a system.

My only thought is to only prevent non-anonymous entry, require some real-world presence, and have captchas between commands... This doesn't scale.
> ..outsourcing relationships with them..

One of my latest gigs was on Third-Party Security. For years and years companies (especially banks) were giving little to no attention to third-party security/privacy. I've happily seen that over the past 5 years most (mega-big) banks have taken it "all the way up to 11".

Hackers are smart people, why hack company X with 50 people on their SOC and not hack a vendor that is lazy and clumsy? (and in some cases it's 5 guys with laptops behind a cheap never-hardened router in some random country)