"FBI: Businesses (Still) Reluctant To Report Cyber Attacks"
Volubis picks up stories in Information Week and Computer World:
Roughly 20% of businesses report computer intrusions annually, a figure the agency believes is low. Director Robert Mueller urged businesses to step forward, promising greater sensitivity from the FBI in return.
This reluctance has become especially important at a time when identity theft is growing rapidly and terrorists are increasingly using the Internet, Mueller said in a speech to the InfraGard national conference, where private companies share security tips and expertise with the FBI.
We really need to get past this. Defending computers is much harder than attacking them. Most of the organizations compelled by California’s SB 1386 to reveal their breaches have not suffered long-term damage because of it. (The ones that have fall into a few categories: tertiary parties who consumers were not aware had their data, those who lied to the public about what happened, and those where the breach seemed to have more to do with negligence than an accident. Getting defensive about the breach, and focusing PR on how the company was the real victim, also doesn’t help.)
What’s more, we need anecdotes from which we can compile data to understand how systems are really compromised. With that data, we could start spending our money on better security systems that actually address the threats that matter.
The first step is to admit you have a problem.