governments should heavily fine companies that are subject to data breaches.
If it cost them real money (proportional to their market cap, the amount of customers affected, and/or the severity of the breach) to allow a data breach, I’m betting they’d shore up those holes REALLLLLLLLLL QUICK.
While I agree that this should happen when negligence is found, don’t be fooled into thinking that will prevent breaches entirely.
As long as things are available online there will be data breaches. Many of them will be a result of negligence. Some of them will be the result of zero day vulnerabilities, though.
Agreed. It WOULD make them almost entirely go away, though. CEO’s are required to do what is best for their bottom line, BY LAW. So, IMO it is essential that this is codified into law in the US in particular because that is the ONLY language that multinational corporations understand and spend real money on fixing.
IMO, It would also help to tip the badly imbalanced scales of profit over to the side of white hat hackers too since organizations that employ black hat hackers creating ransomware make literally TENS OF BILLIONS a year. If I were a hacker (I’m not), at the current market rate, being a white hat hacker is significantly less profitable.
Reposted comment:
I have a solution:
governments should heavily fine companies that are subject to data breaches.
If it cost them real money (proportional to their market cap, the amount of customers affected, and/or the severity of the breach) to allow a data breach, I’m betting they’d shore up those holes REALLLLLLLLLL QUICK.
While I agree that this should happen when negligence is found, don’t be fooled into thinking that will prevent breaches entirely.
As long as things are available online there will be data breaches. Many of them will be a result of negligence. Some of them will be the result of zero day vulnerabilities, though.
Agreed. It WOULD make them almost entirely go away, though. CEO’s are required to do what is best for their bottom line, BY LAW. So, IMO it is essential that this is codified into law in the US in particular because that is the ONLY language that multinational corporations understand and spend real money on fixing.
IMO, It would also help to tip the badly imbalanced scales of profit over to the side of white hat hackers too since organizations that employ black hat hackers creating ransomware make literally TENS OF BILLIONS a year. If I were a hacker (I’m not), at the current market rate, being a white hat hacker is significantly less profitable.
What do you think about ideology of restricting or criminalizing paying ransoms then?
If paying the criminals was also a criminal offense, aside from companies that would still pay, would that curb the majority?