
Let me help. In the first paragraph it says

> and a failure to promptly install some software to help spot and defend against hacks

so against your "cannot or will not be resolved" you have actual software being actually not installed (and that's on top of other bad smells at the company listed in the article).

> Protecting a large enterprise from cyber attacks is basically impossible

Absolute garbage. You seem to be confused about 'protecting against' vs 'making invulnerable'. And your profile actually claims you have "Fintech CTO background [...] including risk analysis" - honestly what on earth made you post such a thing?




To be fair, this could go either way.

Some Cyber Sec professionals are all about the products, but often it's just a barrage of random crap that doesn't really do anything and no strategic planning used in an attempt to paper over the fact they have no skills in the area they're buying for.

Sometimes it's easier to just install it, but engineering budget _is_ a zero sum game, so wasting time adding random binaries, that sometimes actually increase risk, is something you can see being ignored.

Further, the specific attack didn't require any more monitoring tools than were already claimed to have been configured. They just weren't using them properly.

P.S. Given there was a high churn in InfoSec staff, I could totally imagine them all asking for their pet products and then raising concerns when they don't get it. This is typical in dysfunctional orgs.



