Reply to post: CIO's fault -- yes but for a different reason

Home Depot ignored staff warnings of security fail laundry list

Henry Wertz 1 Gold badge

CIO's fault -- yes but for a different reason

Is it the CIO's fault? Well, yes, but not for the reason suggested.

I have to disagree with Ledswinger's assertion that it is automatically the CIO's failure to articulate costs and so on that led to this problem. Some people, you can articulate the need for something to be done as eloquently, definitively, and assertively as you want, they just will not listen. Maybe he didn't make his case, maybe the executives just didn't listen.

On the other hand, why should tills have internet access? The couple setups I've dug into, against any sanity and good judgement the registers are running Windows (this is enough by itself to make me only pay cash!), but anything on the "cash register" network segment can ONLY contact a single computer, not to the public internet -- if a till were hypothetically hacked it could never phone home. Forget virus scanners and whatever, this is where the CIO's going to run into problems -- why was the network at each location set up so incompetently? If the tills connect to a "back of house" server to do all transactions, they should not be able to reach the internet at all, and the back of house should be behind a firewall that only lets it connect to the card processor and whatever Home Depot machines it needs to connect to to record sales transactions. If the tills do this themselves, then they should be similarly restricted. The fact that this information could get out at all means they were not doing this.
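An added example, not part of the original comment: one way to check that the segmentation described above actually holds is to audit firewall flow logs against an egress allowlist for the till and back-of-house segments. All addresses, ports and log lines are constructed, and the CSV log format is an assumption.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# All addresses, ports and log lines below are constructed for illustration.
TILLS = ip_network("10.20.30.0/24")   # cash-register segment
BOH = ip_network("10.20.40.10/32")    # back-of-house server
# Allowlist: (source network, destination network, protocol, destination port)
POLICY = [
    (TILLS, BOH, "tcp", 8443),                         # tills -> back of house only
    (BOH, ip_network("203.0.113.10/32"), "tcp", 443),  # back of house -> card processor
    (BOH, ip_network("198.51.100.0/28"), "tcp", 443),  # back of house -> head-office sales systems
]

FLOW_LOG = """\
src,dst,proto,dport,action
10.20.30.11,10.20.40.10,tcp,8443,ALLOW
10.20.30.12,192.0.2.77,tcp,443,ALLOW
10.20.30.13,192.0.2.77,tcp,21,DENY
10.20.40.10,203.0.113.10,tcp,443,ALLOW
10.20.40.10,192.0.2.77,tcp,443,ALLOW
10.20.30.11,10.20.30.14,tcp,445,ALLOW
10.20.50.5,192.0.2.77,tcp,443,ALLOW
"""

def permitted(src, dst, proto, dport):
    """True if the flow matches an allowlist entry."""
    return any(src in s and dst in d and proto == p and dport == port
               for s, d, p, port in POLICY)

def audit(log_text):
    """Return (finding, src, dst, dport) for every in-scope flow outside the allowlist."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src not in TILLS and src not in BOH:
            continue  # other segments are out of scope for this check
        dport = int(row["dport"])
        if permitted(src, dst, row["proto"], dport):
            continue
        # ALLOW: the firewall let it through, so the segmentation has a gap.
        # DENY: the rule held, but the host tried, which deserves a look.
        kind = "POLICY_GAP" if row["action"] == "ALLOW" else "BLOCKED_ATTEMPT"
        findings.append((kind, str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in audit(FLOW_LOG):
        print(*finding)
```

The till-to-till flow on port 445 is reported as a gap as well, since under this policy a till may talk to the back-of-house server and nothing else.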
