Good Cyber-Citizenship or Self-Incrimination?
Some of the most problematic malware these days has a decidedly economic driver behind it. Trojans, keyloggers, botnets and other information-stealing and resource-controlling malware are the foundation for an underground cyber economy where credit card numbers and PayPal accounts sell for under $10 apiece. Individuals are certainly going to report credit fraud regardless of its source, but what about corporate victims of cybercrime?
A couple of articles in Security IT Hub have raised this issue. One article reports on the dilemma of reporting spyware attacks and another on the FBI's call for companies to report cybercrime. Should IT executives respond to the call and possibly incriminate themselves in compliance violations?
We are all going to be better off with better data on the types of cybercrime and techniques used. We are not likely to get that when a key source of information risks fines and other penalties for not keeping their IT systems security up to par. At the same time, disregard for regulations cannot be tolerated. It's time to find a middle ground where we balance the needs of the public with the interests of individual companies.



