In less than a minute a hacker found out that the bank was giving out too much information.
As the hacker studied the website information, it was evident that it would not take long to hack the website. That means access to customer server information, which in turn means PII (Personally Identifiable Information), banking information and more.
I wonder if the executives who draw a salary know about this weakness?
Let’s say the execs of this bank outsourced the development of the website and the IT department. So they are thinking – we are set, we have a nice website, a good service, and we outsourced so our liability is lower in case of a hack.
Obviously they did no testing with an accomplished ethical hacker.
This is why I say in the headline: Executives Don’t Know Nothing (which means they know something – as the double negative implies).
The executives willfully pushed the IT project away, and thus washed their hands of any future liability.
We all know how this ends. The criminal hacker can take over the site. Besides stealing all data and info from the bank, they can install malware on the website, so the next time a bank customer comes to the website they will download the malware. Then, in the near future, the criminal hacker will install ransomware and make an additional $300 or €300.
1000 customers at the bank? They can make an additional $300,000 potentially.
And now the name of the bank will be in lights – all the wrong ones. Sure, the liability for the actual IT work is lessened – the exec can point to ABC outsource co. and say they fulfilled compliance requirements… But now the headlines will say:
“Bank hacked – 1000 Customers’ Information Stolen.”
It was easy…
So try and test next time. Testing saves on liability for negligence, whether the work is outsourced or not. Maybe your lack of testing (whether by your own IT people or not) will still cause millions of $ or € in lawsuits. It has happened before.