If a Company You Use Gets Hacked, Don't You Want to Know?
There are arguments for disclosing hack attacks and for not disclosing them. On the one hand, some feel that if the public knew the extent of network intrusions, they would be more amenable to funding enhanced government cyber security research and response. If companies shared and exchanged the technical details of their breaches, this information would benefit all companies and organizations, who could learn from the virtual penetrations to ameliorate future attacks. It is well known that widely used software has vulnerabilities which hackers understand and exploit. In the past, this information was kept from users; it needs to be brought to light and shared so others can shore up the problems with the software or ditch it completely.
Regulation mandating corporate disclosure when a hack has occurred is, some argue, vital for the collective national interest. Disclosure could help protect the nation in the future: against U.S. corporate assets being electronically stolen, against individuals becoming victims of identity theft or against the vicissitudes of cyber espionage. If disclosure benefits the national interest by preventing such events from occurring, then disclosure should be perceived in a positive light, not a shameful one.
Since there is comfort in the crowd and the scope of the security problem is as far-reaching as experts believe, individual businesses who think they are alone in facing security problems are likely to find they are just one among their peers. Disclosure takes the sting out of the embarrassment of the virtual rape and fosters an openness for corporations to assist each other. Critics supporting disclosure suggest that processes and programs can then evolve to aid security-breached companies, similar to those that have developed in the wake of the passage of California’s breach notification law. Fallout will extend to smaller companies who don't have in-house security teams; they will have greater incentive to invest in discovering and disclosing breaches if they are not terrified by the potential downside equated with the negative perceptions of a hack attack.