Thread regarding Blackbaud Inc. layoffs

Any1 feel like BB was overly punished for the security incident?

feel like the number of requirements/systems/processes we've implemented, are currently implementing, or will implement in the future, as a result of that are starting to be a bit much

1161 views | 8 replies (last March 31, 2025)
Post ID: @OP+1jq7zdec9

8 replies (most recent on top)

The punishment isn't the problem, it's how the securitah apparatus interprets it in the worst possible way every chance they get without any recourse.

Post ID: @13y+1jq7zdec9

To whoever posted this and is defending their post in the comments:

Just stop. Please. You sound ignorant and I question how qualified you are to even possess an opinion regarding Blackbaud's punishment or the cybersecurity changes Blackbaud is making.

Blackbaud deserves every bit of backlash and penalties they've faced from this incident. There are people who screamed from the mountaintops for years and warned their leadership team of the vulnerabilities in our software and infrastructure. There are people who warned leadership teams that we were spreading information to customers when we told customers that no sensitive information was accessible in the client databases. The entire leadership team should have been fired over this. They willfully disregarded critical cybersecurity risks and put millions of people at risk of having their identity stolen.

As far as Blackbaud's cybersecurity and infrastructure changes in response to this incident, they should have made these changes decades ago. They are not overreacting and phish resistant MFA is a bare-minimum. Do you even know what phish-resistant MFA is? Have you actually been paying attention to the mandatory cybersecurity trainings that CorpIT requires us to take every year?

We're talking about a company who hosts and manages DONOR and FINANCIAL DATA. If you think Blackbaud is "overreacting" to this incident, then maybe you shouldn't be at Blackbaud, or in this industry for that matter.

The fact that this is coming from a tech employee in 2025 scares me and really sheds light on why Blackbaud is in its current situation.

Do better. The industry you serve deserves better.

Post ID: @ss+1jq7zdec9

maybe downvoted for being misunderstood. i am not talking about punishments related to leadership individuals at all

most of these are good practices that orgs are indeed doing today, but not all.. just one example off the top of my head is phish resistant MFA. almost like we're a guinea pig and being forced to buy a crapton of 3rd party software

Post ID: @j9+1jq7zdec9

Considering Support was basically told to lie to clients reaching out about it, no....no I don't think the punishment was too harsh.

Post ID: @gs+1jq7zdec9

Most of the actual requirements are good practices. It is BB's leadership that makes implementation painful for just about anything.

So many meetings. Lots of staff that are not hands-on with technical work. Too few people who can implement changes.

Post ID: @cc+1jq7zdec9

no. These are good best practices that most places are already doing.

Post ID: @c4+1jq7zdec9

If that makes you mad, just wait until you hear about the ELT’s disastrous M&A record. That is where we will be punished.

Post ID: @c2+1jq7zdec9

2022 wants this comment back

Post ID: @bs+1jq7zdec9
