this post was submitted on 10 Jun 2025

Malicious Compliance

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/maliciouscompliance by /u/GrimBarkFootyTausand on 2025-06-10 08:50:17+00:00.


About four years back I got hired as an IT consultant, with a job description that said I would spend half my time answering phones, and half my time modernising the processes and internal communication.

I've worked 1st line phone support before, and it's actually an amazing way of learning how it all works, what users actually need, what processes actually work, and so that was fine by me.

A week into the job I pull my manager aside and tell him there are some security issues that need fixing ASAP, but I get told that I should STFU until I've been there six months and know what I'm talking about. I also tell him that the department has a lot of 'single points of failure', which are things like only one person knowing how to fix all our old systems from the late 80s. Same answer: STFU.

I mean, okay I'll STFU, but these are extremely obvious and extremely dangerous issues. Like, everyone has the same admin password and it hadn't been changed for 10+ years. Disgruntled former employees have this password, and four months later, in which I only answered phones despite the job description, we found out the hard way that Russian ransomware hackers also had that password.

So the entire company shuts down. All our stores are down, HQ is frantic, and we're running ragged trying to get anything resembling a working system up. VERY expensive experts are hired, and I fail at concealing a smirk when they tell us that the very things I pointed out four months earlier were used in the attack, and their suggested solutions were pretty much exactly what I recommended back then.

A few very stressful months later the company is barely functional again. I get called in and fired, because the manager doesn't feel like I fit in. I immediately crash with the stress of the last few months catching up to me, and so I'm unable to finish all my projects.

The manager assigns my projects to other incredibly stressed out people who then also crash and/or leave the company, including the absurdly important single point of failure (that one IT dude that knows how all the old systems work), and the entire department collapses.

At this point I know it's already cost the company about 20 million dollars in lost revenue and consultant fees, but then roughly TWO YEARS later I'm called up by a recruiter who is asking if I'm willing to travel, and get a bunch of international stores running after a ransomware attack.

Me: It's not 'company', is it?

Recruiter: Erhm, yes, is that a problem?

Me: Oh boy yes, but it's not MY problem, and you can tell 'manager' that.

Then I hung up, did a bit of online searching, and found out that not following my suggestions had, at that point, cost the company about 10 years' worth of net profit.
