Ann, the more disconcerting part of how accurate that strip appears is that it appears to be that accurate, meaning that so many of the upper management types fit the model of "the pointy-haired boss". Those folks who claim the similarity can't possibly all be very far off, can they?
Yes, Rob, I would imagine background checks would help but it's kind of difficult and time-consuming to do extensive background checks on every single person hired at a company, although I am sure companies with high security concerns do it. But even then you might miss something, or someone might just become disgruntled and try to sabotage company or plant information. If I recall I wrote an article on this for another publication years ago, and the point of the article was that because you can't always control people so well you have to really secure your data and systems as best you can, and keep in mind that sometimes threats may come from inside so whatever you can do to secure systems from that, do so, by only giving people access to the systems or info they absolutely need for their jobs. But if someone with high security clearance wants to hack the system, you're right, I can't imagine how they can stop that.
I had a manager refuse to even consider a proposal for an addition to their fire-suppression system because the cost of the system would come from the profits and make him look bad. This was a week after that same system had poured water all over the new parts of the building's computer network system, for which the repairs and replacements cost a whole lot of money. The addition to prevent the damage from ever happening again would have cost much less than 1% of the cost of the damage repairs. But the money was "not an investment in profitability", and so he was not interested. That was a branch of Delphi. He was the manager who cussed at people. (A lot of folks will recognise him from that description.)
That disbelief sounds like it's about the same from 2005 when I was talking to some experts on the subject for that WP (including high-level mil and ex-FBI guys). I find that kind of ostrich behavior hard to believe, yet it appears to still be widespread. The security pros told me it was due primarily to an unwillingness on the part of management to deal with the whole can of worms and the expenses involved. Of course, the pros would tell them just what they needed to do and point out that the costs would be much higher after a breach than to set up controls to prevent the breach in the first place.