[viraptor]

I have some strong views here. 1. These are cons more than hacks as you wrote. I believe the protection doesn't exist only because there's no real risk. What would happen if some employee got conned to send out company money. Why isn't the same response applied to obtained information? 2. Principle of least privilege + monitoring. Those companies should know almost immediately about the break-ins. Even if the training fails, there are mechanisms to stop this.

I'm starting to believe that at some point we should start fining people for lack of protection.