by xnull2guest 4284 days ago
They certainly could have done more.

I'm not as confident that doing more would have prevented this. Not at the larger scope.

Perhaps additional investments would have made Home Depot a less attractive target and Walmart would have been attacked instead. Or Sears. Or Best Buy. Or Lowe's. Or Petco. But then we'd be having this exact conversation about those companies.

Let's follow the money.

If Home Depot does not make security investments you lose money. Because they get hacked. The hackers make money.

If Home Depot does make security investments you lose money. Because they are not going to shrink their margins. The customer is going to take the cost of business in this case. Hackers are going to target someone else (maybe), where the customer will again lose money. The hackers make money.

Hacking costs you money. It either costs you as a business expense or as an upfront investment in infrastructure/technology.

Yes, Home Depot cost you money. But it costs you money the same way that banks cost you money when they get robbed. Is it the bank's fault? The arguments in this thread say "Yes. Because the bank left the vault open."

I'd agree, except I don't see a way for any bank to close any of its vaults. The current state of cybersecurity is that bad.

1 comments

I think that Home Depot knew, or should have known, the value of protecting their customers' data. They should have also had some idea of their exposure to the threats that are out there.

I think it's pretty basic. Any IT system has a collection of zero-day vulnerabilities. If the company is smart, they will track what these vulnerabilities are and mitigate the vulnerabilities that can be fixed. The vulnerabilities that don't get resolved will eventually meet up with a zero-day exploit. Then there will be a loss.

It would appear that Home Depot didn't mitigate their vulnerabilities, and now they will have to pay.

Zero days are by definition vulnerabilities that aren't disclosed and do not have fixes.
Therein lies the problem. Waiting for exploits to be developed before releasing fixes is reactive. More proactive code auditing could reduce the number of zero-day vulnerabilities.
I'm confused about what you're trying to say.