There is a specific kind of silence that falls in a war room after a breach.
I’ve been in two of them. Not as the person responsible, but as the journalist who got the call. The first was at a mid-sized fintech in 2019. The second, more recently, was at a SaaS company that had been operational for less than eighteen months. In both cases, the root cause wasn’t sophisticated. No nation-state actor. No zero-day that nobody had ever seen. In both cases, someone had built an API without thinking seriously about who — or what — would be on the other end of it. And the results were exactly what you’d expect when you hand a loaded system to the world with the safety off.
This article has been indexed from DZone Security Zone