This is not great.
Much of the conversation is about insurance to create corporate conditions of good security to avoid the risk. That's a good start. But this isn't like sorting out ID theft or Credit Card fraud. There's no chargebacks for personally damaging information.
I'd think 'we' as a IT profession need to start pricing the sort of work we are willing to do.
Hey, you want a customer login, $$$, you want to track fine grained information about that person $$$,$$$. You want to create OLAP databases with this data, no thanks I don't want to do the work.
One more thing to ponder. It's probably within the reach of the governments of those affected to identify, track and catch the people who did this. So why doesn't the affected company pay 100 million to catch them. And then those that did it go to jail forever. Or have some grizzly fate befall them that follows them around forever.
Hacking is white collar crime. When you can effectively price risk in white collar crime you can reduce it. Let's see some hackers do the whole jail term, crying dragged away, everyone thinking there but for the grace of god go I.
I'd think 'we' as a IT profession need to start pricing the sort of work we are willing to do. Hey, you want a customer login, $$$, you want to track fine grained information about that person $$$,$$$. You want to create OLAP databases with this data, no thanks I don't want to do the work.
One more thing to ponder. It's probably within the reach of the governments of those affected to identify, track and catch the people who did this. So why doesn't the affected company pay 100 million to catch them. And then those that did it go to jail forever. Or have some grizzly fate befall them that follows them around forever.
Hacking is white collar crime. When you can effectively price risk in white collar crime you can reduce it. Let's see some hackers do the whole jail term, crying dragged away, everyone thinking there but for the grace of god go I.
For certain records, like voting, paper is best.