Hacking Away
The San Francisco Transit hack is just an example of an organization not taking infrastructure security seriously. They claim a lack of funds was the reason for lack of proper security measures. For me, an owner of a network security company, I see this as a common problem for many companies I support. Most do not budget in for security audits, penetration testing, and other measures to help reduce attacks on their networks. They just take a reactive approach when it comes to their network security.
When asked to sit in on budget meetings, I make recommendations on infrastructure additions and upgrades, with emphasis on proactive security measures. If the network is breached, it's always a fight to lock things down. Even though i may have a good security plan, you can never have a 100% secure network. The reason is that bad actors have an advantage...TIME.