companies have been disturbingly silent about cyberattacks on their
computer systems — apparently in fear that this disclosure
will unnerve customers and shareholders and invite lawsuits and
unwanted scrutiny from the government.
In some cases, such silence might violate the legal obligations of
publicly traded companies to share material information about their
businesses. Most companies would tell investors if an important
factory burned to the ground or thieves made off with hundreds of
millions of dollars in cash.
Maybe it’s better to have a prescribed burn of released breach information
than to have a factory fire of unprescribed released information.
As more companies come out of the closet about their Internet security
being compromised, still more start to admit it.
But many (perhaps most) don’t even know.
Fortunately, there is a way the public can get a clue
even about those companies.
Most treat online attacks as a dirty secret best kept from customers,
shareholders and competitors, lest the disclosure sink their stock price
and tarnish them as hapless.
However, as some companies come out of the closet about this (Twitter,
Facebook, Apple, etc.) and such
revelations become more common, the threat of looking foolish fades
and more companies are seizing the opportunity to take the leap in a
“There is a ‘hide in the noise’ effect right now,”
said Alan Paller, director of research at the SANS Institute, a
nonprofit security research and education organization. “This
is a particularly good time to get out the fact that you got hacked,
because if you are one of many, it discounts the starkness of the
Containing the Global Cybercrime Threat is Focus of Counter eCrime Operations Summit (CeCOS VI) in Prague, April 25-27
CeCOS VI, in Prague, Czech Republic, to focus on harmonizing operational issues, cybercrime data exchange, and industrial policies to strengthen and unify the global counter-ecrime effort.
CAMBRIDGE, Mass.—(BUSINESS WIRE)—The 6th annual Counter eCrime Operations Summit (CeCOS VI) will convene in Prague, Czech Republic, April 25-27, 2012, as the APWG gathers global leaders from the financial services, technology, government, law enforcement, communications sectors, and research centers to define common goals and harmonize resources to strengthen the global counter-cybercrime effort.
CeCOS VI Prague will review the development of response systems and resources available to counter-cybercrime managers and forensic professionals from around the world.
Specific goals of this high-level, multi-national conference are to identify common forensic needs, in terms of the data, tools, and communications protocols required to harmonize cybercrime response across borders and between private sector financial and industrial sector responders and public sector policy professionals and law enforcement.
Stop-eCrime aims to reduce electronic crime by increasing transparency
of information and communications technologies.
Born out of 2010 meetings organized by the Anti-Phishing Working Group
and the IEEE Standards Association,
Stop-eCrime has already been
working on ecrime event data exchange standards and protocols, as well
as operational protocols for dealing with computers compromised by ecrime.
Now Stop-eCrime wants you to help tie these technical and operational
levels together into an ecrime detection and response system
coordinated among the public, business, academia, and government.
There’s plenty of work to be done on technical standards and
operational protocols (such as glossaries, metrics, and monetary
effects), plus Stop-eCrime needs educational materials and marketing
to explain incentives for everyone to participate in reducing ecrime.