Comment by dwoosley

6 hours ago

I’ve done a lot of security consulting work for hundreds of companies and one thing I noticed is that the companies that actually took security seriously were the ones that had been breached in the past. Until the execs and board see the dollar impact themselves and not just read about it, the security program never gets the funds it needs.

I’m not saying I recommend LastPass for that reason, but I wouldn’t write them off for that reason.

But LastPass has been breached multiple times by now. I don't think they really care.

  • There are lots of types of a “breach”. The first and second (the major ones) were likely related so more like one continuous incident. This one was a vendor breach that had access to their data so not a reflection of their security program as much as the first.

    I’m not saying you’re wrong, I’m saying you can’t tell from this incident.

What happened to the old days of only getting one chance to f-up? One chance and they should be gone permanently.