If my kid was outside and kicked a football that went and broke a neighbour’s window, I’d fully expect the neighbour to come and talk to me about it. I’d be apologetic, and offer to replace the window. What I wouldn’t do is throw my kid to the wolves, tell him it’s his fault and try to wash my hands of it.
But that’s exactly what the SolarWinds CEO tried to do by blaming an intern for setting a weak password of solarwinds123, which allowed the organisation to be breached.
Even if it is true that an intern in 2017 set that password, why did you allow an intern to set a password? Why didn’t you have password policies or audits? Why was there no multi-factor authentication? Why did it go undetected for about 4 years? Why, why, why?
I get it, security is hard and mistakes happen. We’ve all been there and seen things go wrong. But if you’re the type of person to try and pin the whole issue on an intern, then you can expect far more criticism than had you just taken it on the chin.