Probably not - The reason we continue to see attacks is for a couple of reasons:
1) There are very few consequences. At worst, a hacker will get 5-7 years, and the chance of getting caught is low.
2) Security is very very very hard. The defender must get everything right. The attacker only needs to find one flaw.
3) Security does not just depend on security staff. It depends on every software engineer, operations (or devops) engineer, every software dependency, every piece of hardware, etc. If one of these people or dependencies has a problem, the whole system can be cracked. Examples of problems include writing insecure code, getting hacked, not removing old employees from an ACL or group, installing a tool with a back door, etc.
The point is security is hard and it depends on people doing the right thing. It's very hard to get people to do the right thing.
#3 is big as I'm not a security or IT person, but have had a big burden placed on me with regard to security. The biggest factor is work that was once done by internal employees in trusted areas is now outsourcers and contractors, sometimes from low pay higher corruption areas.
There's a constant fight of giving and removing access from an army of people. Additionally, there are often efforts to push these higher risk people into more confidential areas because the push to cut costs. Make one exception and then a "but this person has access" is sure to follow.
> The reason for this attack is political (in the general sense of the term).
The opening salvo in the article is:
>> A self-proclaimed hacktivist group named NullBulge, aiming to “protect artists’ rights and ensure fair compensation for their work,” claims to have breached Disney and leaked 1.1 TiB (1.2 TB) of the company’s internal Slack infrastructure
1) There are very few consequences. At worst, a hacker will get 5-7 years, and the chance of getting caught is low.
2) Security is very very very hard. The defender must get everything right. The attacker only needs to find one flaw.
3) Security does not just depend on security staff. It depends on every software engineer, operations (or devops) engineer, every software dependency, every piece of hardware, etc. If one of these people or dependencies has a problem, the whole system can be cracked. Examples of problems include writing insecure code, getting hacked, not removing old employees from an ACL or group, installing a tool with a back door, etc.
The point is security is hard and it depends on people doing the right thing. It's very hard to get people to do the right thing.