Comment Gross incompetency in IT security (Score 1) 20
Very few businesses that are involved in IT in any way have anything remotely close to decent security.
Basically, they need to reintroduce the US' Internet Czar, who should have meaningful authority and who should impose meaningful IT security standards. That small companies can't afford to hire security staff is irrelevant as they mostly either work in the cloud using SAAS, at which point their provider should be handling all the security. If you want to roll your own, then you should accept the burden of paying for adequate security. Minimum standards apply to just about everything else in life, and I'd rate getting IT security right just a little bit more important than getting cars to not roll over (you can usually survive a roll) or preventing toasters from spontaneously combusting (you can park electrical appliances away from flammable stuff).
You can avoid catastrophes with defective appliances but you can't avoid catastrophes with defective IT systems.