@carnival-boy said in Ransomware Isn't the Problem, IT Departments Are:
I think just blaming IT departments is harsh. I know from back when I was running IT departments that there is constant pushback from users whenever security was tightened or new policies rolled out and it is critical to make clear that security is something being pushed from the very top and not from IT. In many companies, senior executives will actively undermine IT when it comes to security - that shouldn't happen.
This is completely true. However, I am also very critical of not allowing senior management to undermine IT by making IT decisions and then claiming to not be IT. Those "senior managers" without IT, are actually the IT managers in that situation. That they try to skirt blame by claiming other titles is irrelevant. IT is who does it.
It's like plumbing. If you hire a trained electrician and then he does your plumbing, he's a plumber. He might not be a trained plumber, he might not be a good plumber, but he's a plumber.