Now this is scary. CNBC has a story posted: Execs: We're not responsible for cybersecurity. The story was posted on April 1, but I do not think this is a joke.
More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.
More distressing is that 40 percent of executives said they don't feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq.
"I think the most shocking statistic was really the fact that the individuals at the top of an organization — executives like CEOs and CIOs, and even board members — didn't feel personally responsible for cybersecurity or protecting the customer data," Damato told CNBC's "Squawk Box". ...
"As a result they're handing this off to their techies, and they're really just placing their heads in the sand right now," he said.
I suppose I should not be surprised, but I find it absolutely appalling that there could be this level of active ignorance at such a high level in an organization. What would it take to make said "leaders" actually care about security?
Current practices of providing a year or two of credit monitoring seem woefully inadequate compensation. What if the affected company had to make an actual cash payout of, say, $500 to every person who had their personally identifiable information (PII) compromised? Treble that amount if the notification is not "timely"?
(Score: 2) by edIII on Wednesday April 13 2016, @06:44PM
You're understating the damage done by the NSA, no?
We still don't know the full extent of their exploits that they've deliberately developed, and purchased. We can't since they're allowed to remain hidden and unaccountable to the United States Constitution. Remember, the FBI just purchased information from gray hats (pieces of shit, more respect for black than gray). So it's not just the NSA, and not even just the FBI. They literally help foment a black market for exploits, since they are a huge buyer. Along with many other governments, but ours is actually supposed to protect us. I don't believe that White House oversight committee for one split fucking second. They say they're heavily biased towards disclosure, but then admit that intelligence community's directives are "considered" (Read: Followed).
The NSA has compromised our encryption, and continues to attempt to do so. What they did with random number generation to predict the numbers was truly impressive, and that's just the tip of the iceberg. The NSA also operates the TAO which is physical intercepts of equipment to install back doors, hardware or software.
So, ummm, no I don't think I'm overstating anything actually. The NSA is directly responsible for a non-trivial and significant portion of the weakening of our cyber security. Plain and simple.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by Wootery on Thursday April 14 2016, @10:40AM
You certainly make good points, but what proportion of real security issues are the fault of US government agencies?
My gut feeling is that security is already so difficult that the misbehaviour of the NSA/FBI probably isn't as significant as you're making out.