Putting the victim on trial. Decades ago we learned to stop putting victims of sexual abuse, domestic violence and rape “on trial”. Well, mostly anyhow. But we, mostly, stopped blaming the girl because she wore a short skirt or went to a bar and flirted with guys. These days we don’t try and say that the domestic violence victim invited the abuse or they were at fault for not speaking up in the first place. And so forth. But there’s a community that, I am sad to say, spends a lot of time blaming the victims of crime.

In the Information Security community there is a tendency to blame the victim first, rather than the criminal. And as soon as that starts to work, much of the community begins to pile on like sharks smelling blood in the water.

I’m not even going to name all the times this has happened and give examples. We all know about the retail company, the coffee company, the software company …. the list goes on and on …. that didn’t have perfect security, got victimized by a criminal…