Now this is scary. CNBC has a story posted: Execs: We're not responsible for cybersecurity. The story was posted on April 1, but I do not think this is a joke.
More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.
More distressing is that 40 percent of executives said they don't feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq.
"I think the most shocking statistic was really the fact that the individuals at the top of an organization — executives like CEOs and CIOs, and even board members — didn't feel personally responsible for cybersecurity or protecting the customer data," Damato told CNBC's "Squawk Box". ...
"As a result they're handing this off to their techies, and they're really just placing their heads in the sand right now," he said.
I suppose I should not be surprised, but I find it absolutely appalling that there could be this level of active ignorance at such a high level in an organization. What would it take to make said "leaders" actually care about security?
Current practices of providing a year or two of credit monitoring seem woefully inadequate compensation. What if the affected company had to make an actual cash payout of, say, $500 to every person who had their personally identifiable information (PII) compromised? Treble that amount if the notification is not "timely"?
(Score: 5, Insightful) by frojack on Wednesday April 13 2016, @02:11AM
The problem is they have 0 accountability.
Oh, come on.
They have the same accountability as they do for fire protection of the company's various warehouses.
They might not be able to read a fire marshal's report or an insurance adjuster's report, or a surgeon's report from a burn ward. They don't know a single thing about sprinklers or alarms or escape routes or Fire Department response times. And nobody expects them to know this. They have people for that.
But that doesn't mean they get off scot-free when 6 warehouses burn down and are found to have no insurance, have let the alarm contract lapse, and stored known high-risk materials in the buildings. Heads below them will roll, but if it's bad enough the CEO's head will roll as well.
CEOs serve at the pleasure of the board.
No, you are mistaken. I've always had this sig.
(Score: 2, Troll) by Dr Spin on Wednesday April 13 2016, @07:23AM
Actually, yes they do get off in most cases.
What is needed, is a firm legislative reinforcement of the position that
(especially) in a limited liability "If a crime is committed by the organisation - the
liability of the directors is completely unrestricted. The directors are jointly and
severally liable for everything that the organisation (ie ANY and ALL employees) has done
unless it can be shown that they actively took all steps available to them as individuals.
IE "I did not know it was going on" is proof of guilt. You are employed to know, that is
what your job IS, and if you did not know, then you were not willing or able to do the job.
If you fail, you should be banned from being a director - in addition to the full penalty for
whatever was done.
I speak as a company director. This is what I was taught the rules are (or were, 30 years
ago).
It is also my understanding that society allows me to incorporate a company because it
is in society's interest. If it is not in society's interest for the company to operate (or company
is wilfully operating against society's interests) then society should be free to dissolve the
company. (EG Pharma companies taking decisions to discontinue products leading to
death of patients who need the medication). If the law does not say this, it would be
easy to change it - subject to voters taking responsibility for who they vote for.
No, I do not support the "fight for the right to be exploited" party.
Warning: Opening your mouth may invalidate your brain!
(Score: 4, Insightful) by frojack on Wednesday April 13 2016, @06:51PM
"If a crime is committed by the organisation - the
liability of the directors is completely unrestricted. The directors are jointly and
severally liable for everything that the organisation (ie ANY and ALL employees) has done
unless it can be shown that they actively took all steps available to them as individuals.
IE "I did not know it was going on" is proof of guilt.
So nothing bigger than a Mom and Pop corner grocery store could exist in your special little world then, right?
Because if some pimply faced kid spits in a burger he is frying for his rival, the CEO goes to jail because
he is obviously guilty of not personally supervising that pimply faced kid, and all the other 250,000 employees.
Sorry, but you are delusional. That world has NEVER existed other than the person to person barter world.
I'm guessing you're about 14 years old, never held a job, never employed anyone, and sure as hell never ran
a business.
The very reason corporations exist since Roman times ~527 AD, is because civilization has learned that nothing of size can exist based on the work of a single individual, or even a small group, where each individual is 100% responsible. Sooner or later you have to employ someone else.
No, you are mistaken. I've always had this sig.