Companies Have Little Incentive To Invest In Cybersecurity

HardOCP News

I bet if we started holding companies more accountable there would be a little more incentive to invest in cybersecurity.

When we examine the evidence, though, the actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1% of each company’s annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less.
 
Benjamin Dean, the author of the article, is a moron to compare the cost of cybersecurity against revenue. Revenues are not guaranteed income. Didn't Sony take a loss? No profit means it could have looked like ALL their money was spent on cybersecurity. It would be more meaningful to show cybersecurity costs as a percentage of overhead.
 
Companies need to be held more accountable with higher costs/fines for getting breached. It'd lead to investment in cybersecurity when the risk/loss is higher than the reward (for doing nothing).

While we're at it, we should strike the arbitration agreements hidden in ToSs and allow individuals to sue. Want to store customer data? You accept that risk.
 
Let's see, data breach, and the response of any big company is to mail out a bunch of premade letters talking about how your information might be compromised, and how to check your credit report at Experian. Yup, not much incentive.
 
How about we hold the big credit companies responsible. They're the ones that made your identity valuable enough to make people want to steal it by associating a couple of numbers they made up with it.
 
Fines should be levied the same way we fine car manufacturers or food companies. At some point the industry needs to take security seriously. Given how advanced tech has gotten, companies are still implementing very half-assed security when it comes to anything connected. Point of Sale systems are an absolute joke, as is our aging infrastructure. Eventually something really bad is going to happen and then we may start to see some changes.
 
How about we hold the big credit companies responsible. They're the ones that made your identity valuable enough to make people want to steal it by associating a couple of numbers they made up with it.

This. There is no amount of cyber security that will fix the problem we have. We ultimately have tied everything to one number... SSN. That was one huge mistake.

Your SSN is everywhere and there is nothing you can do about it. It is on your W-2(s) that are mailed on paper via the USPS. Schools, hospitals, banks... it is everywhere and the only positive is that the ODDS are low that you get picked out of the millions of numbers out there.

As for cyber security, no one cares because the big bad banks hueh hueh hueh have to eat the real losses anyway. I always laugh when a breach happens and people rush to change their CC number... like it matters.
 
Your SSN is everywhere and there is nothing you can do about it. It is on your W-2(s) that are mailed on paper via the USPS. Schools, hospitals, banks... it is everywhere and the only positive is that the ODDS are low that you get picked out of the millions of numbers out there.

Wasn't that Apple's approach to viruses? Security through obscurity?


The problem is that there is little chance the crooks will get caught, and even if caught, there will be little in the way of punishment. Too much money being made with little risk.

I think a bunch of public executions of these people would go a long way toward minimizing this activity.
 
Just let consumers, tax payers, and other companies pick up the tab. That way it won't affect your corporate profits as much. Consider the rest as the cost of doing business. The big banks have taught them well.
 
Wasn't that Apple's approach to viruses? Security through obscurity?

I don't believe so. Apple wasn't obscuring their software or internals, and that description doesn't apply to the low incidence rate of an individual being affected by identity theft.

This would be more like security through minority.
 
As long as companies can limit their risks via EULAs and ToSs that limit consumers' rights to hold companies accountable, the companies have little incentive to spend today's money on security. Because of the weird rules on corporate spending, money spent on insurance for losses from breaches is often a tax deduction, while money spent on equipment/software to prevent breaches creates taxable assets. In Sony's case, the cost of future PlayStations will go up a few cents per unit to cover the higher insurance rates caused by past breaches.

What we voters need to push for is a centralized site where we can allow, limit, or prevent any new credit to be enabled using our information. We should be able to change these settings as needed and without cost.
 
This might be considered as over regulation.

lol... I laugh out of sadness because it's true.

Over regulation = not allowing 7-11 to sell Big Gulps because people get fat from soda.

Not over regulation = forcing lazy-ass companies to secure valuable information that could destroy people's lives. But forcing them to do that = job killer.
 
This is a pitfall of capitalism. I'm not advocating for or against it, but if profit is all that drives you, and it's cheaper to just pay fines or risk your clients, that's what you'll do.
 
The funnier thing is that the government will probably bail these companies out if they fail because they are too big (to fail).
 
This is a pitfall of capitalism. I'm not advocating for or against it, but if profit is all that drives you, and it's cheaper to just pay fines or risk your clients, that's what you'll do.

It's why certain regulations are needed... pity they won't be implemented.
 
Come on everyone, invest in the Cloud, it's the wave of the future!
Don't you trust all of your personal data in someone else's hands? Hmm??? :D
 
Companies need to be held more accountable with higher costs/fines for getting breached. It'd lead to investment in cybersecurity when the risk/loss is higher than the reward (for doing nothing).

While we're at it, we should strike the arbitration agreements hidden in ToSs and allow individuals to sue. Want to store customer data? You accept that risk.

Well, you can say it, but it sure isn't going to happen anytime soon, because the Feds just got through doing the exact opposite. The author sounds completely clueless, because if he had a clue I can't see why he wouldn't have mentioned it. Instead he runs through this entire venue as if he has no idea that the Feds currently allow businesses to enroll under the SAFETY Act, which mandates cybersecurity guidance and government scans of their systems, which in turn indemnifies them against legal action in the case of a breach. Meaning they sign up, have their IA guys configure their systems in accordance with federal guidance, allow the Feds to scan for vulnerabilities, and take the mandated steps to fix them. And if they get hacked, you and I cannot sue them for damages. What's more, the newest move is to further protect them from legal recourse if they also share information with the Feds about hostile cyber activity directed against their systems and networks.

So the Federal Government's angle is not to ensure that we, the ones actually being hurt, retain the means to address damages, but instead to shield business from responsibility and, by extension, eliminate any incentive for vendors to patch known vulnerabilities. Why would vendors feel any pressure when businesses are not responsible for disasters?
 
Don't worry, the feds will go after the hackers, give up, and go after the non-hackers that they put a hacker tag on, and make it seem like the feds are going after the right people. This will in turn make it seem like our government is doing something productive and making the world safer.
 